← volver
CVE-2024-31441

Arbitrary File Reading in DataEase

CVSS 7.5 HIGHEPSS 0.6%CWE-863
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
dataease · dataease

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh