Lucene search
K

4 matches found

CVE
CVE
added 2023/10/25 8:51 p.m.75 views

CVE-2023-46134

CVE-2023-46134 concerns D-Tale, a Flask back-end + React front-end tool for Pandas data. The vulnerability arises from the Custom Filter input, enabling remote code execution when D-Tale is hosted publicly and the input is not properly restricted. The issue was patched in version 3.7.0 by turning...

9.8CVSS8AI score0.00756EPSS
CVE
CVE
added 2024/09/10 4:3 p.m.61 views

CVE-2024-45595

D-Tale (Pandas visualizer) is vulnerable to remote code execution when hosted publicly via the Chart Builder’s Custom Filter input. The underlying issue is improper handling/validation of user-supplied input in the Custom Filter, enabling execution of arbitrary code on the server. The recommended...

9.8CVSS8.4AI score0.00741EPSS
CVE
CVE
added 2024/01/05 9:11 p.m.47 views

CVE-2024-21642

D-Tale (Man Group) is affected by CVE-2024-21642. Prior to version 3.9.0, hosting D-Tale publicly can enable server-side request forgery (SSRF) via the Load From the Web feature, allowing access to server files. The fix is to upgrade to version 3.9.0, where this input is disabled by default. A wo...

7.5CVSS7.5AI score0.00711EPSS
CVE
CVE
added 2026/04/06 5:32 p.m.22 views

CVE-2026-35052

D-Tale (Flask backend + React frontend) prior to version 3.22.0 is vulnerable when hosted publicly with Redis or shelf storage, allowing remote code execution on the server. The issue stems from how the global state/storage could be exploited; upgrading to 3.22.0 fixes the vulnerability. Affected...

9.8CVSS6.5AI score0.00622EPSS