CVE-2025-53006— Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.

N/A

替代符号转义处理不恰当

DataEase 安全漏洞

DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势，从而实现业务的改进与优化。 DataEase 2.10.11之前版本存在安全漏洞，该漏洞源于PostgreSQL和Redshift中参数处理不当。

N/A

N/A