CVE-2024-41118 Information
Description
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7_📦_Web_Map_Service.py takes user input, which is passed to the get_layers function, in which url is used with the get_wms_layer method. The get_wms_layer method creates a request to an arbitrary destination chosen by the user, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
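As an added illustration, not code from streamlit-geospatial or from the fixing commit, the following shows one defensive check a page could apply to the user-supplied url before it reaches get_layers: only http/https, no embedded credentials, no literal loopback/private/link-local addresses, and an optional host allowlist. The allowlist entries are constructed for the example.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def validate_wms_url(url: str, allowed_hosts=None) -> str:
    """Return url unchanged if it is acceptable for a server-side fetch.

    Raises ValueError otherwise.  allowed_hosts is an optional set of
    hostnames; when given, any host outside it is rejected.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    # Reject literal IP addresses that point inside the deployment's network.
    # Note: this only catches literals in standard notation; a hostname (or a
    # shorthand form such as 127.1) must be resolved and re-checked, which is
    # why a host allowlist is the stronger control.
    try:
        addr = ip_address(host)
    except ValueError:
        addr = None
    if addr is not None and (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_reserved or addr.is_multicast or addr.is_unspecified
    ):
        raise ValueError(f"address not permitted: {host}")
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        raise ValueError(f"host not in allowlist: {host}")
    return url


def is_safe_wms_url(url: str, allowed_hosts=None) -> bool:
    """Boolean convenience wrapper around validate_wms_url."""
    try:
        validate_wms_url(url, allowed_hosts)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample allowlist for a deployment that only serves one WMS host.
    allowed = {"ows.terrestris.de"}
    print(is_safe_wms_url("https://ows.terrestris.de/osm/service?REQUEST=GetCapabilities", allowed))
```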
Reference
https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L25
https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L47
https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/7_%F0%9F%93%A6_Web_Map_Service.py#L53