CVE-2024-46997

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

History

07 Oct 2024, 17:20

Type Values Removed Values Added
First Time Dataease dataease
Dataease
References () https://github.com/dataease/dataease/security/advisories/GHSA-h7mj-m72h-qm8w - () https://github.com/dataease/dataease/security/advisories/GHSA-h7mj-m72h-qm8w - Exploit, Vendor Advisory
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) DataEase es una herramienta de análisis de visualización de datos de código abierto. Antes de la versión 2.10.1, un atacante podía ejecutar comandos de forma remota agregando una cadena de conexión de fuente de datos h2 cuidadosamente construida. La vulnerabilidad se ha corregido en la versión 2.10.1.

23 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-23 16:15

Updated : 2024-10-07 17:20


NVD link : CVE-2024-46997

Mitre link : CVE-2024-46997

CVE.ORG link : CVE-2024-46997


JSON object : View

Products Affected

dataease

  • dataease
CWE
NVD-CWE-noinfo CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')