Lucene search
GoogleOSV:GHSA-5469-C5P2-XV5GHistoryJul 23, 2022 - 12:00 a.m.
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
2022-07-2300:00:15
Google
osv.dev
18
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.6%
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem.
Related
cve
cve
CVE-2022-34113
2022-07-22 23:15:08
osv
osv
CVE-2022-34113
2022-07-22 23:15:08
prion
prion
Design/Logic Flaw
2022-07-22 23:15:00
github
github
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
2022-07-23 00:00:15
nvd
nvd
CVE-2022-34113
2022-07-22 23:15:08
cvelist
cvelist
CVE-2022-34113
2022-07-22 22:17:07
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.6%
Related for OSV:GHSA-5469-C5P2-XV5G