VYPR
Unrated severityNVD Advisory· Published May 10, 2024· Updated Aug 2, 2024

Arbitrary File Reading in DataEase

CVE-2024-31441

Description

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dataease/Dataeasellm-fuzzy2 versions
    <1.18.19+ 1 more
    • (no CPE)range: <1.18.19
    • (no CPE)range: < 1.18.19

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.