Unrated severityNVD Advisory· Published May 10, 2024· Updated Aug 2, 2024

Arbitrary File Reading in DataEase

CVE-2024-31441

Description

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.

Affected products

Dataease/Dataeasev5
Range: < 1.18.19

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5whmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000