PT-2023-25861 · Dataease · Dataease

Useafter

Publicado

2023-07-25

Atualizado

2023-08-01

CVE-2023-37258

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 1.18.9

Description DataEase is an open source data visualization analysis tool. It has a SQL injection vulnerability that can bypass blacklists.

Recommendations For versions prior to 1.18.9, update to version 1.18.9 to resolve the issue.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2023-37258

GHSA-R39X-FCC6-47G4

Dataease