HIGH

GHSA-c87c-78rc-vmv2

D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

Details

### Impact

Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server.

### Patches

Users should upgrade to version 3.20.0.

### Workarounds

There are no workarounds for versions < 3.20.0.


Affected packages

PyPI / dtale
Introduced in: 0
Fixed in: 3.20.0
Fix: pip install --upgrade 'dtale>=3.20.0'

References