Search for packages
| purl | pkg:maven/io.dataease/dataease-plugin-common@1.11.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4tmn-f9w4-nqcv
Aliases: CVE-2023-40771 GHSA-8rv7-g772-pp3j |
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. |
Affected by 0 other vulnerabilities. |
|
VCID-hmvg-g1qt-kkgn
Aliases: CVE-2023-32310 GHSA-7hv6-gv38-78wj |
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4ske-gjf5-1uge | Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin |
CVE-2022-34112
GHSA-c2pj-rr68-pw94 |
| VCID-8qqy-7b2e-xubv | Dataease before 1.11.2 allows arbitrary code execution via crafter plugin |
CVE-2022-34113
GHSA-5469-c5p2-xv5g |
| VCID-dy6h-n9pt-uue8 | SQL Injection found in Dataease |
CVE-2022-34114
GHSA-hmvw-66jm-h9fh |
| VCID-fhy6-qywa-euem | Dataease v1.11.1 SQL Injection via parameter dataSourceId |
CVE-2022-34115
GHSA-vjmr-6pmm-rprf |