5 matches found
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34113 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34113 Source advisory: OSV:GHSA-5469-C5P2-XV5G...
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
CVE-2022-34113
CVE-2022-34113 affects DataEase v1.11.1, where the vulnerable component is the /api/plugin/upload endpoint. A crafted plugin can lead to arbitrary code execution on the server due to improper handling in the upload workflow. Remediation: upgrade to DataEase v1.11.2, which contains a patch address...
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...