
18 matches found

CNNVD
added 2026/02/17 12:0 a.m., 3 views

datart security vulnerability

Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the unchecked URL parameter in the JDBC configuration, which may allow attackers to execute arbitrary code...

CVSS 8.8 | AI score 6.1 | EPSS 0.00114
Exploits: 1 | References: 2

CVE
added 2026/02/17 12:0 a.m., 6 views

CVE-2025-70829

Datart v1.0.0-rc.3 contains an information exposure vulnerability allowing authenticated attackers to access sensitive data through a custom H2 JDBC connection string. The description notes that access is via an authenticated context, but no exploit details, vectors, or remediation are provided i...

CVSS 5.7 | AI score 5.5 | EPSS 0.00046
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/17 12:0 a.m., 2 views

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

AI score 6.1 | EPSS 0.00114
Exploits: 1 | References: 2

CNNVD
added 2026/02/17 12:0 a.m., 4 views

datart security vulnerability

Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to access sensitive data through custom H2 JDBC connection strings, resulting in...

CVSS 5.7 | AI score 5.8 | EPSS 0.00046
Exploits: 1 | References: 2

CNNVD
added 2026/02/17 12:0 a.m., 4 views

datart security vulnerability

Datart is an open-source data visualization platform developed by running-elephant. Version Datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the improper cleaning of SQL script field inputs by the Freemarker template engine. It could allow authenticated attacker...

CVSS 9.9 | AI score 6.1 | EPSS 0.00033
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/25 3:49 p.m., 3 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

CVSS 7.1 | AI score 6.6 | EPSS 0.00189
Exploits: 2 | References: 1

RedhatCVE
added 2025/09/25 3:49 p.m., 2 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

CVSS 9.8 | AI score 8 | EPSS 0.10539
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/25 2:54 a.m., 3 views

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...

CVSS 8.8 | AI score 8.4 | EPSS 0.02256
Exploits: 2 | References: 1

OSV
added 2025/09/24 5:15 p.m., 1 view

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...

CVSS 8.8 | AI score 6.4 | EPSS 0.02256
Exploits: 3 | References: 2

OSV
added 2025/09/24 5:15 p.m., 1 view

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

CVSS 7.1 | AI score 5.8 | EPSS 0.00189
Exploits: 2 | References: 2

OSV
added 2025/09/24 4:15 p.m., 2 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

CVSS 9.8 | AI score 6.1 | EPSS 0.10539
Exploits: 0 | References: 3

CNNVD
added 2025/09/24 12:0 a.m., 2 views

datart security vulnerability

Datart is an open-source data visualization platform developed by running-elephant. A security vulnerability exists in Datart version 1.0.0-rc.3, which stems from mishandling of configuration files and can lead to path traversal and remote code execution...

CVSS 8.8 | AI score 7.6 | EPSS 0.02256
Exploits: 2 | References: 3

CNNVD
added 2025/09/24 12:0 a.m., 2 views

datart security vulnerability

Datart is an open-source data visualization platform developed by running-elephant. A security vulnerability exists in Datart version 1.0.0-rc.3, which stems from improper handling of the INIT connection parameter and could lead to the execution of arbitrary code...

CVSS 9.8 | AI score 7 | EPSS 0.10539
Exploits: 0 | References: 4

CVE
added 2025/09/24 12:0 a.m., 14 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal via POST /viz/image due to saving uploaded files with MultipartFile.transferTo() to user-controllable paths and insufficient filename verification. Root cause: lack of strict validation of the uploaded filename. Impact: potential file path tr...

CVSS 7.1 | AI score 6.5 | EPSS 0.00189
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2025/09/24 12:0 a.m., 5 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

EPSS 0.10539
Exploits: 0 | References: 3

CVE
added 2025/09/24 12:0 a.m., 15 views

CVE-2025-56819

Datart v1.0.0-rc.3 contains a remote code execution vulnerability (CVE-2025-56819) due to improper handling of the INIT connection parameter. The issue allows an unauthenticated, network-originated attacker to execute arbitrary code with high impact (CVE details indicate C:H/I:H/A:H under CVSS 3....

CVSS 9.8 | AI score 7.6 | EPSS 0.10539
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2025/09/24 12:0 a.m., 3 views

datart security vulnerability

Datart is an open-source data visualization platform developed by running-elephant. A security vulnerability exists in Datart version 1.0.0-rc.3, which stems from the POST /viz/image interface not strictly validating filenames, which could lead to a directory traversal attack...

CVSS 7.1 | AI score 6.4 | EPSS 0.00189
Exploits: 2 | References: 3

Positive Technologies
added 2025/09/08 12:0 a.m., 2 views

PT-2025-36428

Name of the Vulnerable Software and Affected Versions: Datart versions up to 1.0.0-rc3

Description: A vulnerability exists in Datart due to the use of a hard-coded cryptographic key within the getTokensecret function located in the datart/security/src/main/java/datart/security/util/AESUtil.java...

CVSS 3.1 | AI score 3.9 | EPSS 0.00044
Exploits: 0 | References: 8