D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| dtale(PyPI) | 0 | 3.16.1 | N/A |
CVSS Metrics
