Ryze-Top

**Name of the Vulnerable Software and Affected Versions** Dataease version 1.11.1 **Description** An access control issue in the component "/api/plugin/uninstall" allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. **Recommendations** For Dataease version 1.11.1, update to version 1.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/plugin/uninstall" endpoint until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** Dataease version 1.11.1 **Description** An issue in the component "/api/plugin/upload" of Dataease allows attackers to execute arbitrary code via a crafted plugin. **Recommendations** For Dataease version 1.11.1, update to version 1.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/plugin/upload" endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Dataease versions 1.11.1 **Description** The issue is a SQL injection vulnerability that can be exploited via the `dataSourceId` parameter. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or modification of data. Version 1.11.2 contains a fix for this issue. **Recommendations** For Dataease version 1.11.1, update to version 1.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the `dataSourceId` parameter to minimize the risk of exploitation.