4 matches found
SQL Injection
dataease-plugin-common is vulnerable to SQL Injection. The vulnerability exists through the PluginGridSql.xml due to the lack of query validation, allowing an attacker to gain sensitive information via a maliciously crafted string outside the blacklist function...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.18.6), io.dataease:dataease-plugin-interface (>=1.0 <=1.18.6) +1 more potentially affected by CVE-2023-32310 via io.dataease:dataease-plugin-common (>=1.0 <=1.18.6)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.18.6 Source cves: CVE-2023-32310 Source advisory: OSV:GHSA-7HV6-GV38-78WJ...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34114 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34114 Source advisory: OSV:GHSA-HMVW-66JM-H9FH...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34113 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34113 Source advisory: OSV:GHSA-5469-C5P2-XV5G...