65 matches found
Datart v1.0.0-rc.3 - Remote Code Execution
Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters. id: CVE-2025-56819 info: name: Datart v1.0.0-rc.3 - Remote Code Execution author: Redmomn severity: critical description: | Datart v1.0.0-rc.3 contains a vulnerabilit...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
datart 安全漏洞
Datart is an open-source data visualization platform developed by running-elephant. Version Datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the improper cleaning of SQL script field inputs by the Freemarker template engine. It could allow authenticated attacker...
CVE-2025-70828
Datart v1.0.0-rc.3 contains a vulnerability where the JDBC configuration’s url parameter allows attackers to execute arbitrary code. The issue is consistently described across Red Hat, CVE listings, and PT Security, identifying the affected component as the JDBC URL handling. Impact is described ...
PT-2026-20267
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description A Server-Side Template Injection SSTI flaw exists in the Freemarker template engine of Datart. Authenticated attackers can execute arbitrary code by injecting crafted Freemarker template syntax into the SQ...
PT-2026-20265
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue exists that allows attackers to execute arbitrary code through the url parameter within the JDBC configuration. The affected component is the JDBC configuration. Recommendations Update to a newer...
CVE-2025-70830
CVE-2025-70830 describes a Server-Side Template Injection (SSTI) in the Freemarker template engine of Datart v1.0.0-rc.3. An authenticated attacker can inject crafted Freemarker template syntax into the SQL script field to achieve arbitrary code execution. Affected software: Datart (Freemarker te...
datart 安全漏洞
Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the unchecked URL parameter in the JDBC configuration, which may allow attackers to execute arbitrary code...