Unrated severityNVD Advisory· Published May 10, 2024· Updated Aug 2, 2024
Arbitrary File Reading in DataEase
CVE-2024-31441
Description
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5whmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.