CVE-2024-55890
CVSS V2 None
CVSS V3 None
Description
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1, where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to host D-Tale only for trusted users.
Overview
- CVE ID: CVE-2024-55890
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-12-13T18:00:04.173Z
- Last Modified Date: 2024-12-13T18:48:43.721Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/man-group/dtale/security/advisories/GHSA-832w-fhmw-w4f4 | x_refsource_CONFIRM |
https://github.com/man-group/dtale/commit/1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a | x_refsource_MISC |
https://github.com/man-group/dtale#custom-filter | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-55890 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55890 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-14 13:50:05 | | | | Added to TrackCVE |