CVE-2024-46985— DataEase has an XXE vulnerability

DataEase has an XXE vulnerability

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerability has been fixed in v2.10.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

XML外部实体引用的不恰当限制(XXE)

DataEase 代码问题漏洞

DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势，从而实现业务的改进与优化。 DataEase 2.10.1版本之前存在代码问题漏洞，该漏洞源于DataEase的静态资源上传接口存在XML外部实体注入漏洞。

N/A

N/A