CVE-2024-21642

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions D-Tale versions prior to 3.9.0

Description D-Tale is a visualizer for Pandas data structures. Users hosting versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server.

Recommendations For versions prior to 3.9.0, the only workaround is to only host D-Tale to trusted users. Upgrade to version 3.9.0, where the Load From the Web input is turned off by default.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2024-21642

GHSA-7HFX-H3J3-RWQ4

Affected Products

D-Tale

CVE-2024-21642

Weakness Enumeration

Related Identifiers

Affected Products

References · 13