18 matches found
datart security vulnerability
Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to access sensitive data through custom H2 JDBC connection strings, resulting in...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
datart security vulnerability
Datart is an open-source data visualization platform developed by running-elephant. Version Datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from improper sanitization of SQL script field inputs by the Freemarker template engine. It could allow authenticated attacker...
CVE-2025-70829
Datart v1.0.0-rc.3 contains an information exposure vulnerability allowing authenticated attackers to access sensitive data through a custom H2 JDBC connection string. The description notes that access is via an authenticated context, but no exploit details, vectors, or remediation are provided i...
datart security vulnerability
Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the unchecked URL parameter in the JDBC configuration, which may allow attackers to execute arbitrary code...
CVE-2025-56815
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...
CVE-2025-56819
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...
CVE-2025-56816
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...
CVE-2025-56816
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...
CVE-2025-56815
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...
CVE-2025-56819
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...
datart security vulnerability
datart is an open-source data visualization platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3: the POST /viz/image interface does not strictly validate filenames, which could lead to a directory traversal attack...
CVE-2025-56819
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...
datart security vulnerability
datart is an open-source data visualization platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from mishandling of configuration files and can lead to path traversal and remote code execution...
datart security vulnerability
datart is an open-source data visualization platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from improper handling of the INIT connection parameter and could lead to the execution of arbitrary code...
CVE-2025-56819
Datart v1.0.0-rc.3 contains a remote code execution vulnerability (CVE-2025-56819) due to improper handling of the INIT connection parameter. The issue allows an unauthenticated, network-originated attacker to execute arbitrary code with high impact (CVE details indicate C:H/I:H/A:H under CVSS 3....
CVE-2025-56815
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal via POST /viz/image due to saving uploaded files with MultipartFile.transferTo() to user-controllable paths and insufficient filename verification. Root cause: lack of strict validation of the uploaded filename. Impact: potential file path tr...
PT-2025-36428
Name of the Vulnerable Software and Affected Versions: Datart versions up to 1.0.0-rc3
Description: A vulnerability exists in Datart due to the use of a hard-coded cryptographic key within the getTokensecret function located in the datart/security/src/main/java/datart/security/util/AESUtil.java...