Dataease · Dataease · CVE-2025-53005
Name of the Vulnerable Software and Affected Versions:
DataEase versions prior to 2.10.11
Description:
DataEase is an open source business intelligence and data visualization tool. Its handling of JDBC connection parameters for PostgreSQL data sources contains a bypass vulnerability that can be triggered through the `sslfactory` and `sslfactoryarg` parameters. This issue has been patched in version 2.10.11.
Recommendations:
For versions prior to 2.10.11, update to version 2.10.11 to resolve the issue. As a temporary workaround, consider restricting the use of the `sslfactory` and `sslfactoryarg` parameters in the PostgreSQL Data Source JDBC Connection Parameters until the update is applied.
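One way to apply the temporary workaround is to audit existing PostgreSQL data source definitions for the two parameters. The following is an added example, not DataEase code or its patch. The function names and sample connection strings are constructed for illustration, and matching on lowercased, percent-decoded names is a deliberately strict assumption rather than documented DataEase or driver behaviour.

```python
from urllib.parse import unquote

# Parameters named in the advisory for CVE-2025-53005.
BLOCKED_PARAMS = {"sslfactory", "sslfactoryarg"}


def _normalize(token: str) -> str:
    """Percent-decode until stable, then trim and lowercase."""
    prev = None
    while prev != token:  # also unwraps double encoding
        prev, token = token, unquote(token)
    return token.strip().lower()


def blocked_params(conn: str) -> list[str]:
    """Return blocked parameter names found in a JDBC URL or in a bare
    extra-parameters string such as 'ssl=true&sslmode=require'."""
    _, sep, query = conn.partition("?")
    if not sep:  # no '?': treat the whole input as a parameter string
        query = conn
    found = []
    for token in query.split("&"):
        # Decode first, then split, so an encoded '=' cannot hide the name.
        name = _normalize(token).partition("=")[0].strip()
        if name in BLOCKED_PARAMS and name not in found:
            found.append(name)
    return found


def audit(sources: dict[str, str]) -> dict[str, list[str]]:
    """Map each data source name to the blocked parameters it uses."""
    return {n: hits for n, c in sources.items() if (hits := blocked_params(c))}


# Constructed sample data; hosts, database names and values are placeholders.
SAMPLES = {
    "reporting": "jdbc:postgresql://db.example.internal:5432/sales"
                 "?ssl=true&sslmode=require",
    "legacy": "jdbc:postgresql://db.example.internal:5432/hr"
              "?sslfactory=com.example.Placeholder&sslfactoryarg=placeholder",
    "mixed-case": "SSLFactory=com.example.Placeholder",
    "encoded": "ssl=true&sslfactor%79arg=placeholder",
}

if __name__ == "__main__":
    for name, hits in audit(SAMPLES).items():
        print(f"{name}: uses restricted parameter(s) {', '.join(hits)}")
```

The same check can be used as a gate on new data source submissions while the upgrade to 2.10.11 is pending.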