CNNVD-202511-470 Information
CNNVD ID
CNNVD-202511-470
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.14版本和2.10.14之前版本存在代码问题漏洞,该漏洞源于缺少对dns协议的保护,可能导致服务端请求伪造。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. DataEase 2.10.14 and previous versions 2.10.14 had a code gap, which stemmed from a lack of protection for dns protocols and could lead to forgery of service-level requests.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
DataEase
Published
2025-11-06
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/commit/869b7fb8b10069ac6c326554bfa8f060a539ba85 https://github.com/dataease/dataease/security/advisories/GHSA-8397-v66p-539m https://github.com/dataease/dataease/releases/tag/v2.10.15 https://access.redhat.com/security/cve/cve-2025-64163
Patch
https://dataease.io/desktop/index.html
Share on: