Описание
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7_📦_Web_Map_Service.py takes user input, which is passed to get_layers function, in which url is used with get_wms_layer method. get_wms_layer method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
Ссылки
- Product
- Product
- Product
- Patch
- ExploitThird Party Advisory
- Product
- Product
- Product
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2024-07-19 (исключая)
cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00214
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-918
CWE-918
EPSS
Процентиль: 44%
0.00214
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-918
CWE-918