PT-2024-32319 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.1 Description: There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading...
PT-2024-32329 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.1 Description: The issue allows an attacker to achieve remote command execution by adding a carefully constructed h2 data source connection string. This can be done by sending a POST request to the...
DataEase Injection Vulnerability
DataEase is a high-performance, easy-to-use, self-service data visualization and analysis tool that helps users quickly explore, understand and share data insights. DataEase suffers from a remote command execution vulnerability, which can be exploited by an attacker to leverage a code injection...
PT-2024-32391 · Dataease +1 · Dataease +1
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.25 Description: DataEase is an open source data visualization analysis tool. The PostgreSQL data source function allows customization of JDBC connection parameters and the PG server target. However, the...
CVE-2024-31441
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions before v1.18.19; the vulnerability stems from ClickHous...
CVE-2024-31441 Arbitrary File Reading in DataEase
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...
CVE-2024-31441
DataEase (pre-1.18.19) is affected by an arbitrary file read vulnerability due to lack of restrictions on ClickHouse connection parameters. An attacker can exploit certain malicious parameters to read arbitrary files. A fix is available in v1.18.19; upgrading to this version is recommended. Publi...
PT-2024-24078 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.19 Description: DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain...
Unspecified Vulnerability in DataEase (CNVD-2024-20785)
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.5.0. Attackers can use this...
CVE-2024-30269
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has...
CVE-2024-30269 DataEase has database configuration information exposure vulnerability
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has...
CVE-2024-30269
Summary: DataEase before version 2.5.0 is vulnerable to a database configuration information exposure via the endpoint /de2api/engine/getEngine;.js. This path returns the platform’s database configuration, enabling disclosure of sensitive information. Affected versions: prior to 2.5.0 (e.g., up t...
PT-2024-23310 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.5.0 Description: The issue concerns a database configuration information exposure. Visiting the "/de2api/engine/getEngine;.js" API endpoint via a browser reveals the platform's database configuration. The estimate...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.5.0. Attackers can use this...
A vulnerability in the `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java` component of the Dataease database management system allows a hacker to disclose protected information.
The vulnerability of the core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java component of the Dataease database management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to disclose sensitive information...