io.dataease:dataease-plugin-common
Maven
7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.dataease:dataease-plugin-common
- CVE-2022-34112 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.11.2 | 2022-07-22
vulnerable: 1.0 ... 1.9.0 (13 versions)
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
- CVE-2022-34113 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.11.2 | 2022-07-22
vulnerable: 1.0 ... 1.9.0 (13 versions)
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
- CVE-2022-34114 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.11.2 | 2022-07-22
vulnerable: 1.0 ... 1.9.0 (13 versions)
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
- CVE-2022-34115 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.11.2 | 2022-07-22
vulnerable: 1.0 ... 1.9.0 (13 versions)
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId.
- CVE-2022-39312 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.15.2 | 2022-10-25
vulnerable: 1.0 ... 1.9.0 (18 versions)
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the …
- CVE-2023-32310 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.18.7 | 2023-06-01
vulnerable: 1.0 ... 1.9.0 (27 versions)
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting ano…
- CVE-2023-40771 | HIGH | CVSS 7.5 | EG 7.5 | 2023-09-01
vulnerable: 1.0 ... 1.9.0 (30 versions)
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.