Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
D-Tale server-side request forgery through Web uploads
Vulnerability Description
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Man Group D-Tale 代码问题漏洞
Vulnerability Description
Man Group D-Tale是Man Group公司的一个pandas数据结构的可视化工具。 Man Group D-Tale 3.9.0之前版本存在代码问题漏洞。攻击者利用该漏洞能够访问服务器上的文件。
CVSS Information
N/A
Vulnerability Type
N/A