Lucene search

Veracode Vulnerability DatabaseVERACODE:44978

HistoryJan 08, 2024 - 6:02 a.m.

Server Side Request Forgery (SSRF)

2024-01-0806:02:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

ssrf

dtale software

local network access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.3%

JSON

dtale is vulnerable to Server Side Request Forgery. The vulnerability is due to the Load From the Web configuration being enabled by default. This issue can be exploited by an attacker to access files on the local network resulting in Server Side Request Forgery.

CPENameOperatorVersion
dtalele3.8.1
dtalele3.8.1

CPE	Name	Operator	Version
	dtale	le	3.8.1
	dtale	le	3.8.1

References

github.com/advisories/GHSA-7hfx-h3j3-rwq4

github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2

github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4

github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.3%

JSON

Related for VERACODE:44978