PT-2023-14939 · Datax-Web · Datax-Web

Name of the Vulnerable Software and Affected Versions: datax-web versions 1.0.0 through 2.1.2 Description: The issue concerns the RPC interface in datax-web, which lacks permission checks by default. This allows attackers to execute arbitrary commands by sending crafted Hessian serialized data...

DataX-Web 代码问题漏洞

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developers. A security vulnerability exists in DataX-Web v1.0.0 and v2.0.0 to v2.1.2, which stems from the fact that its RPC interface does not perform privilege checking by default, allowing an...