Lucene search
K

65 matches found

Vulnrichment
Vulnrichment
added 2025/09/24 12:0 a.m.2 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

7.6AI score0.03008EPSS
Exploits0References3
CVE
CVE
added 2025/09/24 12:0 a.m.22 views

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal via uploading YAML to config/jdbc-driver-ext.yml, parsed with SnakeYAML unsafe load/loadAs. This allows attacker-controlled YAML deserialization, potentially enabling remote code execution (RCE) under certain conditions. Exploitation details ...

8.8CVSS8.1AI score0.01261EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2025/09/24 12:0 a.m.25 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal via POST /viz/image due to saving uploaded files with MultipartFile.transferTo() to user-controllable paths and insufficient filename verification. Root cause: lack of strict validation of the uploaded filename. Impact: potential file path tr...

7.1CVSS6.5AI score0.00582EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2025/09/24 12:0 a.m.10 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

0.03008EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/24 12:0 a.m.21 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

0.00582EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/09/24 12:0 a.m.2 views

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...

8.1AI score0.01261EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.7 views

datart 安全漏洞

datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from mishandling of configuration files and can lead to path traversal and remote code execution...

8.8CVSS7.6AI score0.01261EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.12 views

PT-2025-39288

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue allows a remote attacker to execute arbitrary code via the INIT connection parameter. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

9.8CVSS7.4AI score0.03008EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.5 views

datart 安全漏洞

datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from improper handling of the INIT connection parameter and could lead to the execution of arbitrary code...

9.8CVSS7AI score0.03008EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.5 views

PT-2025-39294

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description The application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses these files using SnakeYAML's load or loadAs method without input sanitization...

8.8CVSS7.8AI score0.01261EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.6 views

PT-2025-39293

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description The software is susceptible to a Directory Traversal issue through an unrestricted file upload. The server utilizes MultipartFile.transferTo to save uploaded files to a user-controllable path without...

7.1CVSS6.5AI score0.00582EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/09/10 3:25 a.m.15 views

CVE-2025-10080

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key . The...

3.1CVSS4.1AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/09/08 4:15 a.m.18 views

CVE-2025-10080

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key . The...

3.1CVSS0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/08 3:2 a.m.6 views

CVE-2025-10080 running-elephant Datart API AESUtil.java getTokensecret hard-coded key

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key . The...

3.1CVSS6.5AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/08 3:2 a.m.22 views

CVE-2025-10080 running-elephant Datart API AESUtil.java getTokensecret hard-coded key

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key . The...

3.1CVSS0.00235EPSS
Exploits0References4
CVE
CVE
added 2025/09/08 3:2 a.m.27 views

CVE-2025-10080

The CVE affects the API component of running-elephant Datart up to version 1.0.0-rc3, specifically the getTokensecret function in datart/security/src/main/java/datart/security/util/AESUtil.java, which uses a hard-coded cryptographic key. The issue is remotely exploitable with high complexity; exp...

3.1CVSS4.1AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.9 views

PT-2025-36428

Name of the Vulnerable Software and Affected Versions: Datart versions up to 1.0.0-rc3 Description: A vulnerability exists in Datart due to the use of a hard-coded cryptographic key within the getTokensecret function located in the datart/security/src/main/java/datart/security/util/AESUtil.java...

3.1CVSS3.9AI score0.00235EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.6 views

Datart 安全漏洞

Datart is running-elephant's open source generation open platform for data visualization. A security vulnerability exists in Datart 1.0.0-rc3 and earlier versions, which stems from the use of hard-coded keys in the datart/security/src/main/java/datart/security/util/AESUtil.java file...

3.1CVSS4.3AI score0.00235EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.5 views

CVE-2024-12994

A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file /import of the component File Upload. The manipulation of the argument file leads to deserialization. The attack may be launched remotely...

6.5CVSS6.7AI score0.00531EPSS
Exploits0References1
NVD
NVD
added 2024/12/28 1:15 p.m.10 views

CVE-2024-12994

A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file /import of the component File Upload. The manipulation of the argument file leads to deserialization. The attack may be launched remotely...

6.5CVSS0.00531EPSS
Exploits0References4
Rows per page
Query Builder