io.dataease:dataease-plugin-common (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.dataease:dataease-plugin-common, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-34115 — CVSS 9.8 (critical): DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.
CVE-2022-34113 — CVSS 9.8 (critical): An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
CVE-2022-39312 — CVSS 9.8 (critical): Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the…
CVE-2022-34114 — CVSS 8.8 (high): Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
CVE-2023-32310 — CVSS 8.1 (high): DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages…
CVE-2023-40771 — CVSS 7.5 (high): SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of…
CVE-2022-34112 — CVSS 6.5 (medium): An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a…