CRITICAL 9.8 PyPI

Duplicate Advisory: D-Tale Command Injection vulnerability

GHSA-gjxm-x497-4h6h

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references.

Original Description

A vulnerability in man-group/dtale version 3.15.1 allows an attacker to override global state settings to enable the enable_custom_filters feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system commands, leading to remote code execution (RCE). This issue is addressed in version 3.16.1.
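
A defender-side check for the attack path described above, added here as an example (it is not part of the advisory or of D-Tale's code): it scans web access logs for requests that reach the test-filter endpoint, which merit review on any deployment where custom filters are meant to stay disabled. The common/combined log format, the /dtale/ route prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "test-filter"  # endpoint named in the advisory


def find_test_filter_hits(lines):
    """Return {client: [(timestamp, method, status, target), ...]} for
    requests whose decoded path contains a 'test-filter' segment."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = urlsplit(m["target"]).path
        # Decode percent-encoding so 'test%2Dfilter' is not missed.
        segments = unquote(path).lower().split("/")
        if ENDPOINT in segments:
            hits[m["client"]].append(
                (m["ts"], m["method"], int(m["status"]), m["target"])
            )
    return dict(hits)


# Constructed sample lines (not real traffic); the /dtale/ prefix and
# the trailing data id are assumptions about the deployment's routes.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /dtale/main/1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2025:10:00:03 +0000] "GET /dtale/test-filter/1?x=1 HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] "GET /dtale/test%2Dfilter/1 HTTP/1.1" 200 64',
    '10.0.0.5 - - [01/Jan/2025:10:00:09 +0000] "GET /dtale/test-filtering-docs HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, reqs in find_test_filter_hits(SAMPLE_LOG).items():
        print(client, len(reqs))
        for ts, method, status, target in reqs:
            print("   ", ts, method, status, target)
```

A hit is a lead for review, not proof of compromise; upgrading to 3.16.1, the version the advisory names as addressing the issue, remains the fix.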
