9 matches found
D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution
man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...
D-Tale RCE
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-3408
creationtimestamp| type| source ---|---|--- 2025-03-03 12:12:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dtalercecve20250655.rb 2025-03-04 02:34:30+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-03-04 21:02:04+00:00| seen|...
D-Tale Remote Code Execution
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-3408
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...
RCE via Global State Override
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution RCE. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-3408
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...
trt-engine-explorer (>=0.1.2 <=0.1.5) potentially affected by CVE-2024-3408 via dtale (=2.16.0)
dtale PYPI version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: - trt-engine-explorer =0.1.2, =0.1.5 Source cves: CVE-2024-3408 Source advisory: OSV:PYSEC-2024-117...
CVE-2024-3408 Authentication Bypass and RCE in man-group/dtale
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...