CVE-2024-30269

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.5.0

Description The issue concerns a database configuration information exposure. Visiting the "/de2api/engine/getEngine;.js" API endpoint via a browser reveals the platform's database configuration. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.5.0, upgrade to version 2.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the "/de2api/engine/getEngine;.js" API endpoint until the upgrade is applied.