ReportizFlow
Filtered by vendor Dataease Project
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31441 | 1 Dataease Project | 1 Dataease | 2024-11-21 | 7.5 High |
| DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19. | ||||
| CVE-2022-34115 | 1 Dataease Project | 1 Dataease | 2024-11-21 | 9.8 Critical |
| DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. | ||||
| CVE-2022-34114 | 1 Dataease Project | 1 Dataease | 2024-11-21 | 8.8 High |
| Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. | ||||
| CVE-2022-34112 | 1 Dataease Project | 1 Dataease | 2024-11-21 | 6.5 Medium |
| An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. | ||||
Page 1 of 1.