702 matches found
CVE-2024-47074 Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java,...
CVE-2024-47074
DataEase prior to version 1.18.25 is affected. The root cause is the PgConfiguration class in JdbcProvider that does not filter JDBC URL parameters and directly concatenates user input, allowing an attacker to append parameters and connect to a malicious PostgreSQL server. This enables triggering...
DataEase Code Issue Vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A code issue vulnerability exists in versions prior to DataEase v1.18.25...
DataEase XML External Entity Injection Vulnerability
DataEase is a lightweight, high-performance self-service data visualization and analysis tool that helps users quickly explore and understand complex data, provides real-time data analysis and report generation capabilities, supports a variety of data sources, and is designed to improve data...
DataEase Remote Command Execution Vulnerability (CNVD-2024-39251)
DataEase is a high-performance, easy-to-use, self-service data visualization and analysis tool that helps users quickly explore, understand and share data insights. DataEase suffers from a remote command execution vulnerability, which can be exploited by an attacker to leverage a code injection...
GHSA-4M9P-7XG6-F4MM DataEase has an XML External Entity Reference vulnerability
Impact There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. 1. send request: POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm...
DataEase has an XML External Entity Reference vulnerability
Impact There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. 1. send request: POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm...
GHSA-H7MJ-M72H-QM8W DataEase's H2 datasource has a remote command execution risk
Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...
DataEase's H2 datasource has a remote command execution risk
Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...
CVE-2024-46985
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerabilit...
CVE-2024-46997
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1...
CVE-2024-46997 DataEase's H2 datasource has a remote command execution risk
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1...
CVE-2024-46997
DataEase is affected by a remote command execution vulnerability accessible via the h2 datasource connection. Multiple sources (RH, NVD, OSV, CNVD, GHSA) confirm that prior to version 2.10.1, an attacker could trigger RCE by supplying a crafted h2 data source connection string, with evidence incl...
CVE-2024-46985
DataEase (open source data visualization/analysis tool) has an XML External Entity (XXE) vulnerability in its static resource upload interface. Affected versions are
CVE-2024-46985 DataEase has an XXE vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerabilit...