7 matches found
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...
CVE-2024-37759
DataGear v5.0.0 and earlier contains a SpEL (Spring Expression Language) expression injection in the Data Viewing interface. Root cause: SpEL injection can be triggered when viewing data, potentially enabling arbitrary code execution. Exploitation and PoC exist (GitHub proof of concept shows remo...
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...
PT-2024-27732 · Datagear · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions 5.0.0 and earlier Description: A SpEL Spring Expression Language expression injection issue was found in the Data Viewing interface. This allows for potential malicious activity via the injection of expressions...
DataGear Security Breach
DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear v5.0.0 and prior versions, which originates from the Data Viewing interface containing a SpEL expression injection...