GHSA-gjxm-x497-4h6h

Published: 20 Mar 2025
Source: github
GitHub: Reviewed
CVSS3: 9.8

Description

Duplicate Advisory: D-Tale Command Injection vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references.

Original Description

A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the enable_custom_filters feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system commands, leading to remote code execution (RCE). This issue is addressed in version 3.16.1.

Packages

Name: dtale (pip)
Affected versions: < 3.17.0
Fixed version: 3.17.0

9.8 Critical

CVSS3

Weaknesses

CWE-77
CWE-78

Related vulnerabilities

nvd
11 months ago

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.

9.8 Critical

CVSS3

Weaknesses

CWE-77
CWE-78