4 matches found
CVE-2023-46134
CVE-2023-46134 concerns D-Tale, a Flask back-end + React front-end tool for Pandas data. The vulnerability arises from the Custom Filter input, enabling remote code execution when D-Tale is hosted publicly and the input is not properly restricted. The issue was patched in version 3.7.0 by turning...
CVE-2024-45595
D-Tale (Pandas visualizer) is vulnerable to remote code execution when hosted publicly via the Chart Builder’s Custom Filter input. The underlying issue is improper handling/validation of user-supplied input in the Custom Filter, enabling execution of arbitrary code on the server. The recommended...
CVE-2024-21642
D-Tale (Man Group) is affected by CVE-2024-21642. Prior to version 3.9.0, hosting D-Tale publicly can enable server-side request forgery (SSRF) via the Load From the Web feature, allowing access to server files. The fix is to upgrade to version 3.9.0, where this input is disabled by default. A wo...
CVE-2026-35052
D-Tale (Flask backend + React frontend) prior to version 3.22.0 is vulnerable when hosted publicly with Redis or shelf storage, allowing remote code execution on the server. The issue stems from how the global state/storage could be exploited; upgrading to 3.22.0 fixes the vulnerability. Affected...