12 matches found

RedhatCVE
added 2026/04/07 11:1 p.m., 3 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

9.8 CVSS, 6.5 AI score, 0.00622 EPSS
Exploits 0, References 1
NVD
added 2026/04/06 6:16 p.m., 1 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

9.8 CVSS, 0.00622 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/04/06 5:32 p.m., 2 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3 CVSS, 6.5 AI score, 0.00622 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/04/06 5:32 p.m., 14 views

CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3 CVSS, 0.00622 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/04/06 5:32 p.m., 2 views

CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3 CVSS, 6.5 AI score, 0.00622 EPSS
Exploits 0, References 1
CVE
added 2026/04/06 5:32 p.m., 17 views

CVE-2026-35052

D-Tale (Flask backend + React frontend) prior to version 3.22.0 is vulnerable when hosted publicly with Redis or shelf storage, allowing remote code execution on the server. The issue stems from how the global state/storage could be exploited; upgrading to 3.22.0 fixes the vulnerability. Affected...

9.8 CVSS, 6.5 AI score, 0.00622 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2026/04/06 12:0 a.m., 7 views

Man D-Tale cross-site scripting vulnerability

Man D-Tale is a visualization tool for pandas data structures within the Man company. Versions of Man D-Tale prior to 3.22.0 contained a cross-site scripting vulnerability. This vulnerability could lead to remote code execution attacks when using Redis or Shelf storage layers...

9.8 CVSS, 6.3 AI score, 0.00622 EPSS
Exploits 0, References 2
Veracode
added 2026/04/04 5:28 a.m., 8 views

Remote Code Execution

D-Tale is vulnerable to Remote Code Execution. The vulnerability is due to the use of redis or shelf storage layer, where users hosting D-Tale publicly could allow attackers to run malicious code on the server...

9.8 CVSS, 5.5 AI score, 0.00622 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2026/04/03 3:44 a.m., 0 views

GHSA-436G-FHFC-9G5W D-Tale: Remote Code Execution through redis/shelf storage

Impact: Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches: Users should upgrade to version 3.22.0. Workarounds: There are no workarounds for versions 3.22.0...

5.3 CVSS, 6.5 AI score, 0.00622 EPSS
Exploits 0, References 3
Github Security Blog
added 2026/04/03 3:44 a.m., 5 views

D-Tale: Remote Code Execution through redis/shelf storage

Impact: Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches: Users should upgrade to version 3.22.0. Workarounds: There are no workarounds for versions 3.22.0...

9.8 CVSS, 6.5 AI score, 0.00622 EPSS
Exploits 0, References 3, Affected Software 1
Snyk
added 2026/04/03 3:44 a.m., 2 views

Cross-site Scripting (XSS)

Overview: dtale is a Web Client for Visualizing Pandas Objects. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the DtaleRedis.get and shelf storage code in dtale/globalstate.py. An attacker can run arbitrary code on the server by supplying a crafted pickle...

9.8 CVSS, 6 AI score, 0.00622 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/04/03 12:0 a.m., 4 views

PT-2026-30017

Name of the Vulnerable Software and Affected Versions: D-Tale versions prior to 3.22.0. Description: D-Tale, comprising a Flask back-end and a React front-end for viewing and analyzing Pandas data structures, had a remote code execution issue. Hosting D-Tale publicly with a redis or shelf storage...

9.8 CVSS, 6.6 AI score, 0.00622 EPSS
Exploits 0, References 6