PT-2024-24078 · Dataease · Dataease

An5Er · Published 2024-05-10 · Updated 2025-02-12 · CVE-2024-31441

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

DataEase versions prior to 1.18.19

Description

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading.

Recommendations

For versions prior to 1.18.19, update to version 1.18.19 to resolve the issue. As a temporary workaround, consider restricting access to the ClickHouse data source connection parameters until the update is applied.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-31441
GHSA-H7HJ-7WG6-P5WH

Affected Products

Dataease