Drun1Baby

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.9 **Description** DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete Remote Code Execution (RCE) through the backend JDBC link. This issue has been patched in version 2.10.9. **Recommendations** For versions prior to 2.10.9, update to version 2.10.9 to resolve the issue. As a temporary workaround, consider restricting access to the backend JDBC link until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apache DolphinScheduler versions 3.1.0 through 3.2.1 **Description** A file read and write vulnerability exists in Apache DolphinScheduler, allowing authenticated users to illegally access additional resource files. **Recommendations** For Apache DolphinScheduler versions 3.1.0 through 3.2.1, upgrade to version 3.2.2 to fix the issue.