CNNVD-202509-2031 Information
CNNVD ID
CNNVD-202509-2031
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.12及之前版本存在安全漏洞,该漏洞源于DB2 JDBC连接字符串中ldap参数过滤不足,可能导致服务端请求伪造攻击。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. DataEase 2.10.12 and previous versions had a security loophole, which stemmed from the inadequate filtering of ldap parameters in the DB2 JDBC connection string, which could lead to the service requesting a false attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
datahub-project
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/commit/77078658715bd85af5867afbfd5f1fcc37cf03c8 https://github.com/dataease/dataease/security/advisories/GHSA-fmq3-6xhc-r845
Patch
https://github.com/dataease/dataease/releases
Share on: