Lucene search

Veracode Vulnerability DatabaseVERACODE:45744

HistoryMar 04, 2024 - 10:02 a.m.

Insecure Deserialization

2024-03-0410:02:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

dataease

insecure deserialization

url encoding

jdbc

blacklist

arbitrary code

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

Dataease is vulnerable to Insecure Deserialization. The vulnerability is due not considering URL encoding while blacklisting certain user-controllable jdbc parameters in the JDBC connection url while calling methods getExtraParams() and URLDecoder.decode(getExtraParams()) within ``Mysql.java`. An attacker can exploit this to bypass the blacklist filter and execute arbitrary code.

References

github.com/dataease/dataease/commit/4128adf5fc4592b55fa1722a53b178967545d46a

github.com/dataease/dataease/commit/bb540e6dc83df106ac3253f331066129a7487d1a

github.com/dataease/dataease/security/advisories/GHSA-8x8q-p622-jf25

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

Related for VERACODE:45744