Back to search
CVE-2024-55890
Published: Dec 13, 2024
Modified: Dec 13, 2024
PUBLISHED
Description
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users.
| Vendor | Product | Versions |
|---|---|---|
man-group | dtale | affected < 3.16.1 |
Weaknesses (CWE)
References
https://github.com/man-group/dtale/security/advisories/GHSA-832w-fhmw-w4f4
x_refsource_CONFIRM
https://github.com/man-group/dtale#custom-filter
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now