5 matches found
CVE-2026-53730
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...
CVE-2026-53730
CVE-2026-53730 — DataEase : Affected product is DataEase (open source data visualization/analysis tool). Before version 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation, allowing any authenticated user to specify datasourceId=-1, access the ...
PT-2026-56247
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The '/de2api/datasetData/previewSql' endpoint lacks the mandatory @DePermit permission validation annotation. This allows any authenticated user to set the datasourceId variable to -1, granting...
CVE-2026-40900
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...
CVE-2026-40900 DataEase has SQL Injection via Stacked Queries
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...