702 matches found
CVE-2021-38239
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sysmsg/list/1/10...
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
Deserialization of untrusted data
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
CVE-2022-39312
Dataease CVE-2022-39312 describes a deserialization vulnerability in the Mysql data source JDBC connection: MysqlConfiguration does not filter JDBC URL parameters, so an attacker can append parameters to connect to a malicious MySQL server and trigger a MySQL JDBC deserialization, potentially exe...
CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
DataEase 代码问题漏洞
DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase 1.15.2 before the version of a security vulnerability , the vulnerability stems from the...
CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.15.0), io.dataease:dataease-plugin-interface (>=1.0 <=1.15.0) +1 more potentially affected by CVE-2022-39312 via io.dataease:dataease-plugin-common (>=1.0 <=1.15.0)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.15.0 Source cves: CVE-2022-39312 Source advisory: OSV:GHSA-Q4QQ-JHJV-7RH2...
GHSA-Q4QQ-JHJV-7RH2 MySQL JDBC deserialization vulnerability
Impact In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, MysqlConfiguration class don't filter any parameters, directl...
MySQL JDBC deserialization vulnerability
Impact In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, MysqlConfiguration class don't filter any parameters, directl...
GHSA-5469-C5P2-XV5G Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34115 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34115 Source advisory: OSV:GHSA-VJMR-6PMM-RPRF...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34114 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34114 Source advisory: OSV:GHSA-HMVW-66JM-H9FH...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34112 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34112 Source advisory: OSV:GHSA-C2PJ-RR68-PW94...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34113 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34113 Source advisory: OSV:GHSA-5469-C5P2-XV5G...
GHSA-HMVW-66JM-H9FH SQL Injection found in Dataease
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Version 1.11.2 contains a fix...
GHSA-VJMR-6PMM-RPRF Dataease v1.11.1 SQL Injection via parameter dataSourceId
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Version 1.11.2 contains a fix...
GHSA-C2PJ-RR68-PW94 Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Version 1.11.2 contains a patch for this issue...
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem...