CVE-2023-37258

2023-07-2520:15:13

Google

osv.dev

dataease

v1.18.9

sql injection

8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.9%

JSON

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.

CPENameOperatorVersion
dataeaseeq1.0.0-rc1
dataeaseeq1.18.3
dataeaseeq1.18.6
dataeaseeq1.18.5
dataeaseeq1.18.7
dataeaseeq1.3.0
dataeaseeq1.11.1
dataeaseeq1.18.8
dataeaseeq1.0.0-rc2
dataeaseeq1.11.0

Name	Operator	Version
dataease	eq	1.0.0-rc1
dataease	eq	1.18.3
dataease	eq	1.18.6
dataease	eq	1.18.5
dataease	eq	1.18.7
dataease	eq	1.3.0
dataease	eq	1.11.1
dataease	eq	1.18.8
dataease	eq	1.0.0-rc2
dataease	eq	1.11.0