CNNVD-202510-2477 Information
CNNVD ID
CNNVD-202510-2477
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.13及之前版本存在代码问题漏洞,该漏洞源于DB2数据源处理程序中HOSTNAME、PORT和DATABASE值直接拼接成JDBC URL而未过滤非法参数,可能导致JDBC URL注入攻击。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. DataEase 2.10.13 and previous versions had a code problem loophole, which stemmed from the direct coupling of HOSTNAME, PORT and DATABASE values into JDBC URLs without filtering illegal parameters in DB2 data source processing, which could lead to JDBC URLs being injected into the attack.
Hazard Level
High
Vulnerability Type
代码问题
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/commit/bb320e42bf2cf862b9c4b438c1517547b53ed67b https://github.com/dataease/dataease/security/advisories/GHSA-x4x9-mjcf-99r9 https://access.redhat.com/security/cve/cve-2025-62419
Patch
https://github.com/dataease/dataease/releases
Share on: