Description

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

Remediation

References

https://github.com/dataease/dataease/issues/2430

Related Vulnerabilities

CVE-2022-23913 Vulnerability in maven package org.apache.activemq:artemis-core-client

CVE-2018-11693 Vulnerability in npm package node-sass

CVE-2022-43403 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2018-1335 Vulnerability in maven package org.apache.tika:tika-core

CVE-2020-7709 Vulnerability in maven package org.webjars.npm:json-pointer

Severity

Critical

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Patch Third Party Advisory