2 matches found
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.18.9), io.dataease:dataease-plugin-interface (>=1.0 <=1.18.9) +1 more potentially affected by CVE-2023-40771 via io.dataease:dataease-plugin-common (>=1.0 <=1.18.9)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.18.9 Source cves: CVE-2023-40771 Source advisory: OSV:GHSA-8RV7-G772-PP3J...
CVE-2023-40771
CVE-2023-40771 : DataEase v1.18.9 suffers a SQL injection due to processing a crafted string that bypasses the blacklist function, enabling a remote attacker to obtain sensitive information. The vulnerability is documented across multiple sources (e.g., Red Hat, NVD, GOV advisories) with an affec...