CVE-2024-45595

Published: Sep 10, 2024

Modified: Sep 10, 2024

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default.

Vendor	Product	Versions
man-group	dtale	affected `< 3.14.1`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff

x_refsource_CONFIRM

https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8

x_refsource_MISC

https://github.com/man-group/dtale#custom-filter

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-45595

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References