4 matches found
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
CVE-2024-21642
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
GHSA-R7J8-5H9C-F6FX Remote Command Execution in file editing in gogs
Impact: The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. Patches: Editing a symlink while changing the file name has been prohibited via the repository web editor (https://github.com/gogs/gogs/pull/7857). Users should upgrade to 0.13...
CVE-2024-21642 D-Tale server-side request forgery through Web uploads
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...