CVE-2023-25807

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 1.18.3

Description The issue concerns the DataEase platform, an open source data visualization and analysis tool. When saving a dashboard, an attacker can modify the saved data to store malicious code. This can lead to the execution of malicious code on the server side when a user accesses the dashboard.

Recommendations For versions prior to 1.18.3, update to version 1.18.3 to resolve the issue. As a temporary workaround, consider restricting access to dashboards to minimize the risk of exploitation. Avoid using the platform's dashboard saving feature until the issue is resolved.