3 matches found
CVE-2024-23328
Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The...
CVE-2024-23328
creationtimestamp| type| source ---|---|--- 2024-02-04 02:49:41+00:00| seen| Telegram/5viUor3PDSvPiqgNCr88mEj2y9oAxMu41yUy-oSPp0S00Q 2024-02-24 09:41:16+00:00| seen| https://t.me/ctinow/192510 2024-02-29 02:56:23+00:00| seen| https://t.me/ctinow/196110 2024-02-29 03:02:55+00:00| seen|...
CVE-2024-23328
CVE-2024-23328 concerns DataEase, an open-source data visualization/analysis tool. The vulnerability resides in the DataEase datasource implementation, specifically in the Java file Mysql.java, where unsafe deserialization can be triggered through bypassable blacklist checks on MySQL JDBC paramet...