65 matches found
Datart v1.0.0-rc.3 - Remote Code Execution
Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters. id: CVE-2025-56819 info: name: Datart v1.0.0-rc.3 - Remote Code Execution author: Redmomn severity: critical description: | Datart v1.0.0-rc.3 contains a vulnerabilit...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
datart 安全漏洞
Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to access sensitive data through custom H2 JDBC connection strings, resulting in...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-70829
Datart v1.0.0-rc.3 contains an information exposure vulnerability allowing authenticated attackers to access sensitive data through a custom H2 JDBC connection string. The description notes that access is via an authenticated context, but no exploit details, vectors, or remediation are provided i...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
PT-2026-20267
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description A Server-Side Template Injection SSTI flaw exists in the Freemarker template engine of Datart. Authenticated attackers can execute arbitrary code by injecting crafted Freemarker template syntax into the SQ...
datart 安全漏洞
Datart is an open-source data visualization platform developed by running-elephant. Version Datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the improper cleaning of SQL script field inputs by the Freemarker template engine. It could allow authenticated attacker...
CVE-2025-70828
Datart v1.0.0-rc.3 contains a vulnerability where the JDBC configuration’s url parameter allows attackers to execute arbitrary code. The issue is consistently described across Red Hat, CVE listings, and PT Security, identifying the affected component as the JDBC URL handling. Impact is described ...