DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerability has been fixed in v2.10.1.
References
Link | Resource |
---|---|
https://github.com/dataease/dataease/security/advisories/GHSA-4m9p-7xg6-f4mm | Exploit Vendor Advisory |
Configurations
History
27 Sep 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dataease
Dataease dataease |
|
CPE | cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:* | |
References | () https://github.com/dataease/dataease/security/advisories/GHSA-4m9p-7xg6-f4mm - Exploit, Vendor Advisory |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-23 16:15
Updated : 2024-09-27 16:35
NVD link : CVE-2024-46985
Mitre link : CVE-2024-46985
CVE.ORG link : CVE-2024-46985
JSON object : View
Products Affected
dataease
- dataease
CWE
CWE-611
Improper Restriction of XML External Entity Reference