Description
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
Remediation
References
https://github.com/dataease/dataease/issues/2431
Related Vulnerabilities
CVE-2021-26540 Vulnerability in npm package sanitize-html
CVE-2020-28168 Vulnerability in maven package org.webjars.bower:axios
CVE-2022-45398 Vulnerability in maven package org.zeroturnaround:cluster-stats
CVE-2020-6449 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-28487 Vulnerability in maven package org.webjars.npm:vis-timeline