CNNVD-202511-2316 Information
CNNVD ID
CNNVD-202511-2316
Related CVE
- CNNVD Published: 2025-11-20
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 Dataease 2.10.17之前版本存在注入漏洞,该漏洞源于JNDI注入漏洞,可能导致远程代码执行。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. There was an injection loophole in the pre-Dataease 2.10.17 version, which originated in a JNDI injection loophole that could lead to remote code implementation.
Hazard Level
Medium
Vulnerability Type
注入
Published
2025-11-20
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53 https://github.com/dataease/dataease/releases/tag/v2.10.17 https://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2h
Patch
https://dataease.cn/desktop/index.html
Share on: