9.8

CVE-2023-33963

Exploit

EPSS 2.13%
Veröffentlicht 01.06.2023 16:15:09
Zuletzt bearbeitet 21.11.2024 08:06:18
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dataease ≫ Dataease Version < 1.18.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.13%	0.841

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/dataease/dataease/releases/tag/v1.18.7

Release Notes

https://github.com/dataease/dataease/security/advisories/GHSA-m26j-gh4m-xh9f

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-33963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33963

EUVD