CVE-2024-3408 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ unspecified, < 3.13.1 | 2024-06-06
CVE-2024-3408 [CRITICAL] CWE-798
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restri
nvd