Description
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.
Remediation
References
https://github.com/dataease/dataease/issues/2428
https://github.com/dataease/dataease/releases/tag/v1.11.2
Related Vulnerabilities
CVE-2022-25839 Vulnerability in npm package url-js
CVE-2021-25941 Vulnerability in npm package deep-override
CVE-2021-4279 Vulnerability in npm package fast-json-patch
CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-core
CVE-2023-31579 Vulnerability in maven package top.tangyh.basic:lamp-util