CNNVD-202511-709 Information

CNNVD ID

CNNVD-202511-709

Related CVE

CVE-2025-64164

• CNNVD Published: 2025-11-06

Description (Chinese)

DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势，从而实现业务的改进与优化。 DataEase 2.10.14及之前版本存在代码问题漏洞，该漏洞源于建立JDBC连接时未正确过滤，可能导致JNDI注入攻击。

Description (English)

DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. DataEase 2.10.14 and previous versions had a code problem loophole, which stemmed from the incorrect filtering of JDBC connections and could lead to JNDI injection attacks.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

DataEase

Published

2025-11-06

Last Modified

2026-02-24

References

https://github.com/dataease/dataease/commit/7b68eb3dfccbbd12ec977e6320dbd3e32a7bbfe6 https://github.com/dataease/dataease/releases/tag/v2.10.15 https://github.com/dataease/dataease/security/advisories/GHSA-q754-4pc2-wjqw https://access.redhat.com/security/cve/cve-2025-64164

Patch

https://github.com/dataease/dataease/releases