7 matches found
EUVD-2026-23310
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...
CVE-2026-40901
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...
CVE-2026-40901 DataEase: Quartz Deserialization → Remote Code Execution
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...
CVE-2026-40901 DataEase: Quartz Deserialization → Remote Code Execution
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...
CVE-2026-40901
DataEase (open-source data visualization platform) versions 2.10.20 and earlier ship legacy velocity-1.7.jar pulling in commons-collections-3.2.1.jar containing InvokerTransformer gadget chain. Quartz 2.3.2 is bundled and deserializes JOB_DATA blobs from qrtz_job_details via ObjectInputStream wit...
PT-2026-33364
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.21 Description An authenticated attacker with the ability to write to the Quartz job table, for example via SQL injection in 'previewSql', can achieve remote code execution. The application bundles Quartz 2.3.2,...
DataEase 安全漏洞
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...