CVE-2023-28637

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 1.18.5

Description DataEase is an open source data visualization analysis tool where users can modify data, and data sources are expected to sanitize data properly. However, the AWS redshift data source does not provide data sanitization, which may lead to remote code execution.

Recommendations For versions prior to 1.18.5, upgrade to version 1.18.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AWS redshift data source until the upgrade is applied.