CVE-2024-41117 | opengeos streamlit-geospatial 126/up to 115 10_ eval vis_params input validation (GHSL-2024-100)

Inserito da Angelo Barbosa | Lug 26, 2024 | CVE

A vulnerability was found in opengeos streamlit-geospatial up to 115/126. It has been classified as very critical. This affects the function eval of the file pages/10_????_Earth_Engine_Datasets.py. The manipulation of the argument vis_params leads to improper input validation.

This vulnerability is uniquely identified as CVE-2024-41117. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-41117 | opengeos streamlit-geospatial 126/up to 115 10_ eval vis_params input validation (GHSL-2024-100)

Post correlati

CVE-2023-5629 | Schneider Electric Trio Q-Series Ethernet Data Radio redirect (SEVD-2023-346-01)

CVE-2022-48838 | Linux Kernel up to 5.16.16 USB dev_uevent use after free

CVE-2024-27318 | onnx up to 1.15.0 external_data path traversal

CVE-2024-7467 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 3.90 Web Interface /vpn/list_ip_network.php sslvpn_config_mod template/stylenum os command injection