DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.dataease:common(Maven) | 0 | 2.10.1 | N/A |
CVSS Metrics
