Dataease

Dataease

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2026-8724

Exploit
  • EPSS -
  • Veröffentlicht 17.05.2026 00:30:10
  • Zuletzt bearbeitet 17.05.2026 02:16:45

A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results in sql injection. The attack may be launched remote...

8.8

CVE-2026-40901

Exploit
  • EPSS 0.35%
  • Veröffentlicht 16.04.2026 20:57:45
  • Zuletzt bearbeitet 20.04.2026 16:46:41

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3...

8.8

CVE-2026-40900

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2026 20:53:27
  • Zuletzt bearbeitet 20.04.2026 16:46:14

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation t...

6.5

CVE-2026-40899

Exploit
  • EPSS 0.04%
  • Veröffentlicht 16.04.2026 20:16:38
  • Zuletzt bearbeitet 20.04.2026 16:42:13

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto...

8.8

CVE-2026-33207

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2026 19:37:36
  • Zuletzt bearbeitet 20.04.2026 16:41:20

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tab...

9.8

CVE-2026-33122

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2026 19:24:03
  • Zuletzt bearbeitet 20.04.2026 16:40:39

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/d...

8.8

CVE-2026-33121

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2026 18:16:02
  • Zuletzt bearbeitet 20.04.2026 16:37:02

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is use...

8.8

CVE-2026-33084

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2026 18:14:07
  • Zuletzt bearbeitet 20.04.2026 16:36:16

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directl...

8.8

CVE-2026-33083

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2026 17:52:37
  • Zuletzt bearbeitet 20.04.2026 16:35:50

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de...

9.8

CVE-2026-33082

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2026 17:39:37
  • Zuletzt bearbeitet 20.04.2026 16:34:56

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized ...