Search for packages
| purl | pkg:maven/io.dataease/dataease-plugin-common@1.11.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4ske-gjf5-1uge
Aliases: CVE-2022-34112 GHSA-c2pj-rr68-pw94 |
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-4tmn-f9w4-nqcv
Aliases: CVE-2023-40771 GHSA-8rv7-g772-pp3j |
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. |
Affected by 0 other vulnerabilities. |
|
VCID-8qqy-7b2e-xubv
Aliases: CVE-2022-34113 GHSA-5469-c5p2-xv5g |
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-dy6h-n9pt-uue8
Aliases: CVE-2022-34114 GHSA-hmvw-66jm-h9fh |
SQL Injection found in Dataease |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-fhy6-qywa-euem
Aliases: CVE-2022-34115 GHSA-vjmr-6pmm-rprf |
Dataease v1.11.1 SQL Injection via parameter dataSourceId |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-hmvg-g1qt-kkgn
Aliases: CVE-2023-32310 GHSA-7hv6-gv38-78wj |
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||