Vulnerabilities (CVE)

Filtered by vendor Dataease Project Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34114 1 Dataease Project 1 Dataease 2024-02-28 N/A 8.8 HIGH
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
CVE-2022-34112 1 Dataease Project 1 Dataease 2024-02-28 N/A 6.5 MEDIUM
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
CVE-2022-34115 1 Dataease Project 1 Dataease 2024-02-28 N/A 9.8 CRITICAL
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.