
12 matches found

RedhatCVE
added 2025/03/22 12:40 p.m. · 6 views

CVE-2025-0655

A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the enable_custom_filters feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system...

8 AI score
Exploits: 4 · References: 4
OSV
added 2025/03/20 10:15 a.m. · 11 views

CVE-2025-0655

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

9.4 AI score
Exploits: 0
NVD
added 2025/03/20 10:15 a.m. · 6 views

CVE-2024-9016

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45595. Notes: All CVE users should reference CVE-2024-45595 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits: 0
CVE
added 2025/03/20 10:11 a.m. · 94 views

CVE-2025-0655

CVE-2025-0655 is a duplicate of CVE-2024-55890. Connected sources describe a D-Tale (dtale) RCE affecting dtale versions around 3.15.1 where an attacker can override global state to enable enable_custom_filters, then abuse the /test-filter endpoint to execute arbitrary commands, with the fix in 3...

8 AI score
Exploits: 4
Vulnrichment
added 2025/03/20 10:11 a.m. · 18 views

CVE-2025-0655

...

9.4 AI score
Exploits: 4
Cvelist
added 2025/03/20 10:9 a.m. · 7 views

CVE-2024-9016

...

Exploits: 0
CVE
added 2025/03/20 10:9 a.m. · 45 views

CVE-2024-9016

CVE-2024-9016 affects D-Tale (Man Group) for Pandas data structures, where versions

8.9 AI score
Exploits: 0
Vulnrichment
added 2025/03/20 10:9 a.m. · 5 views

CVE-2024-9016

...

8.8 AI score
Exploits: 0
Positive Technologies
added 2025/03/20 12:0 a.m. · 3 views

PT-2025-12319 · Man · D-Tale

Name of the Vulnerable Software and Affected Versions: man-group/dtale version 3.15.1 Description: A vulnerability in man-group/dtale allows an attacker to override global state settings to enable the enable_custom_filters feature, which is typically restricted to trusted environments. Once...

9.8 CVSS · 9.6 AI score
Exploits: 4 · References: 17
OSV
added 2024/06/06 7:16 p.m. · 7 views

CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8 CVSS · 10 AI score
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/06 6:54 p.m. · 22 views

CVE-2024-3408 Authentication Bypass and RCE in man-group/dtale

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8 CVSS · 8.5 AI score · 0.91737 EPSS
Exploits: 5 · References: 2
CVE
added 2024/06/06 6:54 p.m. · 104 views

CVE-2024-3408

CVE-2024-3408 (DTale) affects man-group/dtale 3.10.0 up to 3.15.1. Root causes: (1) hardcoded SECRET_KEY in Flask config enabling session forgery; (2) improper input validation that allows bypass of authentication and arbitrary code execution via the /dtale/update-settings and /dtale/test-filter ...

9.8 CVSS · 10 AI score · 0.91737 EPSS
In wild · Exploits: 5 · References: 2 · Affected Software: 1