Drun1Baby

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.9 **Description** DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete Remote Code Execution (RCE) through the backend JDBC link. This issue has been patched in version 2.10.9. **Recommendations** For versions prior to 2.10.9, update to version 2.10.9 to resolve the issue. As a temporary workaround, consider restricting access to the backend JDBC link until the update is applied.

**Nome do software vulnerável e versões afetadas** Apache DolphinScheduler, versões 3.1.0 a 3.2.1 **Descrição** Existe uma vulnerabilidade de leitura e gravação de arquivos no Apache DolphinScheduler, permitindo que usuários autenticados acessem ilegalmente arquivos de recursos adicionais. **Recomendações** Para as versões 3.1.0 a 3.2.1 do Apache DolphinScheduler, atualize para a versão 3.2.2 para corrigir o problema.