CVE-2024-55890

Severity CVSS v4.0:
MEDIUM
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
13/12/2024
Last modified:
13/12/2024

Description

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users.