Hack-Umbrella

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.9 **Description** DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete Remote Code Execution (RCE) through the backend JDBC link. This issue has been patched in version 2.10.9. **Recommendations** For versions prior to 2.10.9, update to version 2.10.9 to resolve the issue. As a temporary workaround, consider restricting access to the backend JDBC link until the update is applied.

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.6 Description: The issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. There are no known workarounds available. Recommendations: For versions prior to 2.10.6, update to version 2.10.6 to resolve the issue. As a temporary workaround, consider restricting access to the background JDBC connection until the update is applied.