CNNVD-202509-3825 Information

CNNVD ID

CNNVD-202509-3825

Related CVE

CVE-2025-56815

• CNNVD Published: 2025-09-24

Description (Chinese)

datart是running-elephant开源的一个数据可视化开放平台。 datart 1.0.0-rc.3版本存在安全漏洞，该漏洞源于POST /viz/image接口未严格验证文件名，可能导致目录遍历攻击。

Description (English)

Datart is a data visualizing open-source platform. There is a security loophole in version 1.0.0-rc.3, which stems from the fact that the POST/viz/image interface does not strictly verify the file name, which could lead to a catalogue attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

running-elephant

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/running-elephant/datart/tags https://github.com/xiaoxiaoranxxx/CVE-2025-56815 https://access.redhat.com/security/cve/cve-2025-56815