CVE-2024-55890

CVSS V2: None
CVSS V3: None
Description
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1, where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to host D-Tale only for trusted users.
Overview
  • CVE ID: CVE-2024-55890
  • Assigner: GitHub_M
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-12-13T18:00:04.173Z
  • Last Modified Date: 2024-12-13T18:48:43.721Z
History
Created | Old Value | New Value | Data Type | Notes
2024-12-14 13:50:05 | | | | Added to TrackCVE