3 matches found
CVE-2026-45417
DataEase (open source data visualization/analysis tool) is affected by a SQL injection in the CalciteProvider#checkStatus path. Before version 2.10.23, datasource connection status checks concatenate configuration.getSchema() into getTablesSql and then executeQuery runs the resulting SQL, enablin...
CVE-2026-33207
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...
CVE-2026-33084
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...