CVE-2024-7552

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability.
References
Link Resource
https://gitee.com/datagear/datagear/issues/IAF3H7 Exploit Issue Tracking
https://vuldb.com/?ctiid.273697 Permissions Required VDB Entry
https://vuldb.com/?id.273697 Third Party Advisory VDB Entry
https://vuldb.com/?submit.386413 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:datagear:datagear:*:*:*:*:*:*:*:*

History

07 Aug 2024, 21:29

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en DataGear hasta 5.0.0. Ha sido declarada crítica. La función evaluaVariableExpression del archivo ConversionSqlParamValueMapper.java del componente Data Schema Page es afectada por esta vulnerabilidad. La manipulación conduce a una neutralización inadecuada de elementos especiales utilizados en una declaración del lenguaje de expresión. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-273697.
CPE cpe:2.3:a:datagear:datagear:*:*:*:*:*:*:*:*
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
First Time Datagear
Datagear datagear
References () https://gitee.com/datagear/datagear/issues/IAF3H7 - () https://gitee.com/datagear/datagear/issues/IAF3H7 - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.273697 - () https://vuldb.com/?ctiid.273697 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.273697 - () https://vuldb.com/?id.273697 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.386413 - () https://vuldb.com/?submit.386413 - Third Party Advisory, VDB Entry

06 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 15:15

Updated : 2024-08-07 21:29


NVD link : CVE-2024-7552

Mitre link : CVE-2024-7552

CVE.ORG link : CVE-2024-7552


JSON object : View

Products Affected

datagear

  • datagear
CWE
CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')