CVE-2024-45595

Advisory

D-Tale affected versions potentially exposed a security vulnerability by processing user-supplied queries without restrictions. This could allow malicious actors to craft queries leading to unauthorized data access or manipulation. The patch introduces a feature flag, "enable_custom_filters", which, when disabled, prevents processing of custom queries, significantly reducing the attack surface. Users are advised to update to the latest version and carefully manage this new flag, enabling custom filters only when necessary. Organizations should review any existing deployments, ensure proper configuration of the feature flag, and consider disabling custom filters in sensitive environments.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8
• https://github.com/advisories/GHSA-pw44-4h99-wqff
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45595