9.8

CVE-2022-34115

Exploit
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DataeaseDataease Version1.11.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.98% 0.577
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/dataease/dataease/issues/2428
Patch
Third Party Advisory
Exploit
Release Notes
Issue Tracking
https://github.com/dataease/dataease/releases/tag/v1.11.2
Third Party Advisory
Release Notes