Dataease

Dataease

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.24%
  • Veröffentlicht 07.07.2026 20:41:07
  • Zuletzt bearbeitet 08.07.2026 15:07:37

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the reque...

  • EPSS 0.29%
  • Veröffentlicht 07.07.2026 20:39:23
  • Zuletzt bearbeitet 08.07.2026 15:07:37

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers wh...

  • EPSS 0.27%
  • Veröffentlicht 07.07.2026 20:37:54
  • Zuletzt bearbeitet 08.07.2026 15:07:37

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard ...

  • EPSS 0.27%
  • Veröffentlicht 07.07.2026 20:35:43
  • Zuletzt bearbeitet 09.07.2026 16:16:45

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres() without applying the SQL literal valida...

  • EPSS 0.29%
  • Veröffentlicht 07.07.2026 20:33:26
  • Zuletzt bearbeitet 08.07.2026 15:07:37

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known ...

  • EPSS 0.38%
  • Veröffentlicht 07.07.2026 20:31:12
  • Zuletzt bearbeitet 08.07.2026 15:07:37

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 par...

  • EPSS 0.24%
  • Veröffentlicht 07.07.2026 20:29:19
  • Zuletzt bearbeitet 09.07.2026 16:16:43

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1,...

  • EPSS 0.5%
  • Veröffentlicht 07.07.2026 20:27:28
  • Zuletzt bearbeitet 08.07.2026 15:16:29

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFi...

  • EPSS 0.31%
  • Veröffentlicht 07.07.2026 20:24:56
  • Zuletzt bearbeitet 08.07.2026 15:07:37

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend c...

  • EPSS 0.39%
  • Veröffentlicht 07.07.2026 20:23:08
  • Zuletzt bearbeitet 08.07.2026 15:16:29

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/export...