2 matches found
GHSA-H7J7-3RX6-XVCG CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
Impact A vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...
CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...