4 matches found
CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
CVE-2025-58045
DataEase (DataEase Open Source) contains a JDBC URL injection vulnerability affecting DB2 and MongoDB data source configuration handlers. In versions up to 2.10.13, when extraParams is empty, the HOSTNAME, PORT, and DATABASE values are concatenated into the JDBC URL without filtering illegal para...
PT-2025-37720
Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13 Dataease versions 2.10.12 and earlier Description: Dataease is a data visualization and analysis platform. Versions up to and including 2.10.12 are susceptible to remote code execution through the Impala dat...