PT-2023-21865 · Dataease · Dataease

Superxiaoxiong

Publicado

2023-03-28

Atualizado

2023-04-04

CVE-2023-28637

CVSS v3.1

8.0

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 1.18.5

Description DataEase is an open source data visualization analysis tool where users can modify data, and data sources are expected to sanitize data properly. However, the AWS redshift data source does not provide data sanitization, which may lead to remote code execution.

Recommendations For versions prior to 1.18.5, upgrade to version 1.18.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AWS redshift data source until the upgrade is applied.

Exploit

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2023-28637

GHSA-8WG2-9GWC-5FX2

Produtos afetados

Dataease

PT-2023-21865 · Dataease · Dataease

CVE-2023-28637

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5