VYPR
Critical severityNVD Advisory· Published Sep 23, 2024· Updated Sep 23, 2024

DataEase's H2 datasource has a remote command execution risk

CVE-2024-46997

Description

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.dataease:commonMaven
< 2.10.12.10.1

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.