Lucene search
K
Datax-web ProjectDatax-web

5 matches found

CVE
CVE
added 2024/12/09 4:31 a.m.92 views

CVE-2024-12358

WeiYe-Jing datax-web 2.1.1 is affected by an OS command injection in the glueSource parameter of /api/job/add/. The vulnerability, described as critical, can be triggered remotely and has been disclosed publicly. Affected component is the /api/job/add/ processing logic; root cause is input manipu...

8.8CVSS6.9AI score0.04942EPSS
CVE
CVE
added 2023/12/27 3:31 p.m.85 views

CVE-2023-7116

WeiYe-Jing datax-web 2.1.2 is affected by an OS command injection in the HTTP POST handler for /api/log/killJob, via manipulation of the processId parameter. The issue can be exploited remotely and has been disclosed publicly. Remediation recommended in connected templates is to update to a newer...

9.8CVSS8.4AI score0.09901EPSS
CVE
CVE
added 2023/01/13 12:0 a.m.56 views

CVE-2022-46478

The CVE-2022-46478 issue affects datax-web v1.0.0 and v2.0.0 through v2.1.2. The RPC interface does not perform default permission checks, enabling an attacker to execute arbitrary commands by sending crafted Hessian-serialized data. Impact is described as remote command execution over the networ...

9.8CVSS9.6AI score0.01091EPSS
CVE
CVE
added 2025/11/16 1:2 p.m.15 views

CVE-2025-13251

The CVE-2025-13251 entry concerns WeiYe-Jing datax-web up to 2.1.2, where an unknown function can be manipulated to cause SQL injection. Multiple sources (NVD, Red Hat RH:CVE-2025-13251, CNNVD-202511-1817, EUVD-2025-197731, osv) describe remote exploitation with published exploits. Impact is desc...

8.8CVSS6.6AI score0.00314EPSS
CVE
CVE
added 2025/11/16 12:2 p.m.14 views

CVE-2025-13250

The CVE-2025-13250 vulnerability affects WeiYe-Jing datax-web (up to 2.1.2), specifically the Job Handler’s remove, update, pause, start, and triggerJob functions. The described flaw causes improper access controls and can be exploited remotely; multiple sources confirm public exploitation vector...

8.8CVSS6.4AI score0.00338EPSS