118 matches found
GHSA-PW44-4H99-WQFF D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back...
CVE-2024-45595
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...
CVE-2024-45595 D-Tale allows Remote Code Execution through the Query input on Chart Builder
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...
CVE-2024-45595
D-Tale (Pandas visualizer) is vulnerable to remote code execution when hosted publicly via the Chart Builder’s Custom Filter input. The underlying issue is improper handling/validation of user-supplied input in the Custom Filter, enabling execution of arbitrary code on the server. The recommended...
CVE-2024-45595 D-Tale allows Remote Code Execution through the Query input on Chart Builder
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...
CVE-2024-45595 D-Tale allows Remote Code Execution through the Query input on Chart Builder
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...
PT-2024-31697 · D-Tale · D-Tale
Name of the Vulnerable Software and Affected Versions: D-Tale versions prior to 3.14.1 Description: D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. The issue is...
Man D-Tale 跨站脚本漏洞
Man D-Tale is a pandas data structure visualization tool from Man. A cross-site scripting vulnerability exists in Man D-Tale versions prior to 3.14.1 that stems from vulnerability to remote code execution attacks and allows an attacker to run malicious code on the server...
D-Tale Input Validation Error Vulnerability
Man Group D-Tale is a pandas data structure visualization tool from Man Group, Inc. An input validation error vulnerability exists in D-Tale, which stems from a hard-coded SECRETKEY in the flask configuration, which allows an attacker to forge a session cookie if authentication is enabled...
CVE-2024-21642
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
Server side request forgery (ssrf)
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
GHSA-7HFX-H3J3-RWQ4 D-Tale server-side request forgery through Web uploads
Impact Users hosting D-Tale publicly can be vulnerable to server-side request forgery SSRF allowing attackers to access files on the server. Patches Users should upgrade to version 3.9.0 where the "Load From the Web" input is turned off by default. You can find out more information on how to turn...
D-Tale server-side request forgery through Web uploads
Impact Users hosting D-Tale publicly can be vulnerable to server-side request forgery SSRF allowing attackers to access files on the server. Patches Users should upgrade to version 3.9.0 where the "Load From the Web" input is turned off by default. You can find out more information on how to turn...
CVE-2024-21642 D-Tale server-side request forgery through Web uploads
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
CVE-2024-21642 D-Tale server-side request forgery through Web uploads
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
CVE-2024-21642 D-Tale server-side request forgery through Web uploads
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
CVE-2024-21642
D-Tale (Man Group) is affected by CVE-2024-21642. Prior to version 3.9.0, hosting D-Tale publicly can enable server-side request forgery (SSRF) via the Load From the Web feature, allowing access to server files. The fix is to upgrade to version 3.9.0, where this input is disabled by default. A wo...
Man Group D-Tale Code Issue Vulnerability
Man Group D-Tale is a pandas data structure visualization tool from Man Group. A code issue vulnerability exists in Man Group D-Tale versions prior to 3.9.0. An attacker could exploit the vulnerability to gain access to files on the server...
PT-2024-18992 · D-Tale · D-Tale
Name of the Vulnerable Software and Affected Versions: D-Tale versions prior to 3.9.0 Description: D-Tale is a visualizer for Pandas data structures. Users hosting versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the...
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...