CNNVD-202509-2016 Information
CNNVD ID
CNNVD-202509-2016
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.12及之前版本存在代码问题漏洞,该漏洞源于H2数据源实现未验证JDBC URL,可能导致远程代码执行。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. DataEase 2.10.12 and previous versions have a code problem loophole, which results from the non-validation of JDBC URL from H2 data sources, which may result in remote code execution.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
datahub-project
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378d4ef https://github.com/dataease/dataease/security/advisories/GHSA-23qw-9qrh-9rr8
Patch
https://github.com/dataease/dataease/releases
Share on: