CVE-2025-70829
- EPSS 0.03%
- Veröffentlicht 17.02.2026 15:16:19
- Zuletzt bearbeitet 23.02.2026 13:17:08
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.
CVE-2025-56815
- EPSS 0.16%
- Veröffentlicht 24.09.2025 17:15:41
- Zuletzt bearbeitet 10.10.2025 21:07:03
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by the user, and lacks strict verification of the file...
CVE-2025-56816
- EPSS 1.49%
- Veröffentlicht 24.09.2025 17:15:41
- Zuletzt bearbeitet 10.10.2025 21:06:27
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsa...
CVE-2025-56819
- EPSS 7.69%
- Veröffentlicht 24.09.2025 16:15:38
- Zuletzt bearbeitet 10.10.2025 21:30:04
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.