Ph0Ebus

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.10 DataEase version 2.10.6 through 2.10.9 **Description** The issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection due to a bypass of a previous patch. **Recommendations** For versions prior to 2.10.10, update to version 2.10.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the background JDBC connection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.10 **Description** A bypass of the patch for a previous issue exists, allowing for the construction of a malicious JDBC statement. In a malicious payload, the `getUrlType()` function retrieves the `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. This allows the payload to be directly concatenated at the replace location. **Recommendations** For versions prior to 2.10.10, update to version 2.10.10 to resolve the issue. As a temporary workaround, consider restricting the use of the `getUrlType()` function until the patch is applied. Avoid using the `hostName` variable in the affected JDBC statement until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.10 **Description** The issue concerns ineffective secret verification in DataEase, allowing a user to forge a JWT token using any secret. This could potentially lead to unauthorized access. The problem has been fixed in version 2.10.10. **Recommendations** For versions prior to 2.10.10, update to version 2.10.10 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on secret verification until the update can be applied.