CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.

CWE 1 Total

Learn more

CWE-74: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
9.8	CRITICAL	3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Status

Learn more

Versions 1 Total

Default Status: unknown

affected

References 1 Total

github.com: https://github.com/dataease/dataease/security/advisories/GHSA-h7mj-m72h-qm8w
external site

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: GitHub (maintainer security advisories)

Description

CWE 1 Total

CVSS 1 Total

Product Status

References 1 Total

Authorized Data Publishers

CISA-ADP