Description
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
Remediation
References
https://github.com/dataease/dataease/issues/2430
Related Vulnerabilities
CVE-2016-10551 Vulnerability in npm package waterline-sequel
CVE-2020-11022 Vulnerability in maven package org.fujion.webjars:jquery
CVE-2022-36045 Vulnerability in npm package nodebb
CVE-2022-1365 Vulnerability in npm package cross-fetch
CVE-2022-21830 Vulnerability in npm package @rocket.chat/livechat