CNNVD-202506-3795 Information
CNNVD ID
CNNVD-202506-3795
Related CVE
- CNNVD Published: 2025-06-30
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.11之前版本存在授权问题漏洞,该漏洞源于sslfactory和sslfactoryarg参数未经验证,可能导致绕过漏洞。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. The previous version of DataEase 2.10.11 had a mandate gap, which stemmed from unverified parameters of sslfactory and sslfactoryarg, which could lead to circumvention.
Hazard Level
Medium
Vulnerability Type
授权问题
Affected Vendor
DataEase
Published
2025-06-30
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/commit/dd35752f298b1a4079d9993b622220d321b0c8a6 https://github.com/dataease/dataease/security/advisories/GHSA-mfg2-qr5c-99pp https://access.redhat.com/security/cve/cve-2025-53004
Patch
https://github.com/dataease/dataease/releases
Share on: