Home > Vulnerability Database > CVE-2024-45595

Mend.io Vulnerability Database

CVE-2024-45595

Good to know:

Date: September 10, 2024

D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default.

Language: Python

Severity Score

6.1

Related Resources (6)

Url: https://github.com/man-group/dtale#custom-filter

Url: https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45595

Url: https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8

Url: https://github.com/man-group/dtale

Url: https://www.mend.io/vulnerability-database/CVE-2024-45595

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version dtale - 3.14.1

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45595

Good to know:

Date: September 10, 2024

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?