CVE-2025-53006 Information

Jul 04, 2025 cve

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11 in both PostgreSQL and Redshift apart from parameters like \socketfactory\ and \socketfactoryarg\ there are also \sslfactory\ and \sslfactoryarg\ with similar functionality. The difference lies in that \sslfactory\ and related parameters need to be triggered after establishing the connection. Other similar parameters include \sslhostnameverifier\ \sslpasswordcallback\ and uthenticationPluginClassName. This issue has been patched in 2.10.11.

Reference

https://github.com/dataease/dataease/security/advisories/GHSA-q726-5pr9-x7gm

CNNVD-202507-147 (Published: 2025-07-02)

Share on:

CVE-2025-53006 Information

Description

Reference

Related CNNVD