11 matches found
PT-2026-20267
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description A Server-Side Template Injection SSTI flaw exists in the Freemarker template engine of Datart. Authenticated attackers can execute arbitrary code by injecting crafted Freemarker template syntax into the SQ...
PT-2026-20265
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue exists that allows attackers to execute arbitrary code through the url parameter within the JDBC configuration. The affected component is the JDBC configuration. Recommendations Update to a newer...
EUVD-2025-31018
Malicious code in bioql PyPI...
CVE-2025-56819
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...
CVE-2025-56819
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...
CVE-2025-56819
Datart v1.0.0-rc.3 contains a remote code execution vulnerability (CVE-2025-56819) due to improper handling of the INIT connection parameter. The issue allows an unauthenticated, network-originated attacker to execute arbitrary code with high impact (CVE details indicate C:H/I:H/A:H under CVSS 3....
datart 安全漏洞
datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from mishandling of configuration files and can lead to path traversal and remote code execution...
CVE-2025-56819
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...
PT-2025-39288
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue allows a remote attacker to execute arbitrary code via the INIT connection parameter. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
CVE-2025-56815
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...
datart 安全漏洞
datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from improper handling of the INIT connection parameter and could lead to the execution of arbitrary code...