DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.
References
Configurations
History
26 Sep 2023, 14:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv - Exploit | |
References | (MISC) https://github.com/dataease/dataease/releases/tag/v1.18.11 - Release Notes | |
References | (MISC) https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569 - Patch | |
CPE | cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Dataease
Dataease dataease |
21 Sep 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-21 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-40183
Mitre link : CVE-2023-40183
CVE.ORG link : CVE-2023-40183
JSON object : View
Products Affected
dataease
- dataease
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type