CVE-2023-33963

Exploit

EPSS 1.6%
Published 01.06.2023 16:15:09
Last modified 21.11.2024 08:06:18
Source security-advisories@github.com
Teams watchlist Login
Open Login

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dataease ≫ Dataease Version < 1.18.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.6%	0.806

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/dataease/dataease/releases/tag/v1.18.7

Release Notes

https://github.com/dataease/dataease/security/advisories/GHSA-m26j-gh4m-xh9f

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-33963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33963

EUVD