VYPR

Taier

by DTStack

Source repositories

CVEs (4)

  • CVE-2024-41579CriDec 5, 2024
    risk 0.64cvss 9.8epss 0.01

    DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability

  • CVE-2023-29860HigJun 23, 2023
    risk 0.49cvss 7.5epss 0.01

    An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method.

  • CVE-2026-9437MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to…

  • CVE-2026-11618HigJun 9, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a…