CVE-2024-45595

D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default.
Configurations

Configuration 1 (hide)

cpe:2.3:a:man:d-tale:*:*:*:*:*:*:*:*

History

20 Sep 2024, 19:59

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://github.com/man-group/dtale#custom-filter - () https://github.com/man-group/dtale#custom-filter - Product
References () https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8 - () https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8 - Patch
References () https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff - () https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff - Vendor Advisory
First Time Man
Man d-tale
CPE cpe:2.3:a:man:d-tale:*:*:*:*:*:*:*:*
Summary
  • (es) D-Tale es un visualizador de estructuras de datos de Pandas. Los usuarios que alojan D-Tale públicamente pueden ser vulnerables a la ejecución remota de código, lo que permite a los atacantes ejecutar código malicioso en el servidor. Los usuarios deben actualizar a la versión 3.14.1, donde la entrada "Filtro personalizado" está desactivada de forma predeterminada.
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 9.8

10 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 16:15

Updated : 2024-09-20 19:59


NVD link : CVE-2024-45595

Mitre link : CVE-2024-45595

CVE.ORG link : CVE-2024-45595


JSON object : View

Products Affected

man

  • d-tale
CWE
NVD-CWE-noinfo CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')