Описание
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the vis_params variable on line 80 in 8_🏜️_Raster_Data_Visualization.py takes user input, which is later used in the eval() function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
Ссылки
- Product
- Product
- Patch
- ExploitThird Party Advisory
- Product
- Product
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2024-07-19 (исключая)
cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01559
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo
EPSS
Процентиль: 81%
0.01559
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo