Описание
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem.
Пакеты
Наименование
io.dataease:dataease-plugin-common
maven
Затронутые версииВерсия исправления
<= 1.11.1
1.11.2
Связанные уязвимости
CVSS3: 9.8
nvd
больше 3 лет назад
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.