CNNVD-202510-2475 Information

CNNVD ID

CNNVD-202510-2475

CVE-2025-62422

  • CNNVD Published: 2025-10-17

Description (Chinese)

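DataEase is an open-source data visualization and analysis tool from DataEase. It helps users analyze data quickly and gain insight into business trends, so that they can improve and optimize their business. DataEase 2.10.13 and earlier versions contain a SQL injection vulnerability, which stems from improper handling of the tableName parameter in the /de2api/datasetData/tableField interface and may lead to SQL injection attacks.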

Description (English)

DataEase is an open source data visualization analysis tool developed by DataEase. It helps users quickly analyse data and see business trends, thereby improving and optimizing operations. DataEase 2.10.13 and previous versions have a SQL injection vulnerability, which results from incorrect handling of the parameter tableName in the interface /de2api/datasetData/tableField and may lead to a SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL injection

Published

2025-10-17

Last Modified

2026-02-24

References

  • https://github.com/dataease/dataease/security/advisories/GHSA-54m5-xrw4-mv36
  • https://github.com/dataease/dataease/commit/3c52cc26c4cca1000294346cf99a84b25d38bfb2
  • https://access.redhat.com/security/cve/cve-2025-62422

Patch

https://github.com/dataease/dataease/releases
