XSS in Man-group Dtale
CVE-2024-55890
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.066 (91.3rd percentile)
Affected products
- Man-group Dtale — versions < 3.16.1
References
- https://github.com/man-group/dtale/security/advisories/GHSA-832w-fhmw-w4f4 (x_refsource_CONFIRM)
- https://github.com/man-group/dtale/commit/1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a (x_refsource_MISC)
- https://github.com/man-group/dtale#custom-filter (x_refsource_MISC)
Frequently asked questions
- What is CVE-2024-55890?
- CVE-2024-55890 is a vulnerability in Man-group Dtale, classified under Cross-site Scripting. Published 2024-12-13.
- Is CVE-2024-55890 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.