CVE-2024-57971 Information

Description

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.

Reference

https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c https://github.com/KnowageLabs/Knowage-Server/compare/v8.1.29…v8.1.30 https://spagobi.readthedocs.io