CNNVD-202601-4588 Information

CNNVD ID

CNNVD-202601-4588

Related CVE

CVE-2026-24815

• CNNVD Published: 2026-01-27

Description (Chinese)

tis是Datavane开源的一个敏捷代码开发平台。 tis v4.3.0之前版本存在安全漏洞，该漏洞源于程序文件XmlFile.Java存在不受限制的危险类型文件上传和不可信数据反序列化。

Description (English)

Tis is an agile code development platform for the open source of Datavane. There was a security loophole in the pre-tis v4.3.0 version, which resulted from the unrestricted uploading of dangerous type files and the back-sequencing of unreliable data in the program file XmlFile.Java.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Datavane

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/datavane/tis/pull/443

Patch

https://github.com/datavane/tis/releases