MEDIUM

GHSA-436g-fhfc-9g5w

D-Tale: Remote Code Execution through redis/shelf storage

Details

### Impact

Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server.

### Patches

Users should upgrade to version 3.22.0.

### Workarounds

There are no workarounds for versions < 3.22.0.


Affected packages

PyPI / dtale
Introduced in: 0
Fixed in: 3.22.0
Fix: pip install --upgrade 'dtale>=3.22.0'
