Datart · Datart · CVE-2025-10080
**Name of the Vulnerable Software and Affected Versions**
Datart versions up to 1.0.0-rc3
**Description**
A vulnerability exists in Datart due to the use of a hard-coded cryptographic key within the `getTokensecret` function located in the `datart/security/src/main/java/datart/security/util/AESUtil.java` file of the API component. The issue is remotely exploitable; the attack is considered to have high complexity, and exploitation is regarded as difficult. The exploit has been publicly disclosed.
**Recommendations**
Versions prior to 1.0.0-rc3: As a temporary workaround, consider restricting access to the `getTokensecret` function until a patch is available.
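
As an added illustration of the general fix for this bug class (not Datart's code and not an official patch), the sketch below takes the AES key from deployment-supplied configuration and fails closed when it is missing or malformed. The class name `TokenSecretProvider`, the variable name `APP_TOKEN_SECRET` and the choice of AES-GCM are assumptions made for the example.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical pattern: every name in this class is an assumption for illustration.
public final class TokenSecretProvider {
    private static final String ENV_NAME = "APP_TOKEN_SECRET"; // assumed variable name
    private static final SecureRandom RNG = new SecureRandom();

    // Fail closed: there is no fallback constant when the secret is absent or malformed.
    static SecretKey load(String base64Key) {
        if (base64Key == null || base64Key.isBlank())
            throw new IllegalStateException(ENV_NAME + " is not set");
        byte[] raw = Base64.getDecoder().decode(base64Key.trim());
        if (raw.length != 16 && raw.length != 24 && raw.length != 32)
            throw new IllegalStateException("AES key must be 16, 24 or 32 bytes");
        return new SecretKeySpec(raw, "AES");
    }

    // Output layout: 12-byte random IV followed by ciphertext and GCM tag.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12); // throws if the tag does not verify
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key standing in for the deployment-supplied value;
        // a real service would call load(System.getenv(ENV_NAME)) at startup.
        byte[] demo = new byte[32];
        RNG.nextBytes(demo);
        SecretKey key = load(Base64.getEncoder().encodeToString(demo));
        byte[] blob = encrypt(key, "constructed sample token".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(key, blob), StandardCharsets.UTF_8));
    }
}
```

Because the hard-coded value is part of the published source, anything protected with it should be re-issued under the new, per-deployment key once the key is externalized.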