chartbrew 代码注入漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability, which was caused by remote code execution vulnerabilities in MongoDB dataset queries...

CVE-2024-52313

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all...