Описание
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Release Notes
- ExploitVendor Advisory
- ExploitIssue TrackingVendor Advisory
- Release Notes
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.18.5 (исключая)
cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00293
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
EPSS
Процентиль: 52%
0.00293
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89