GHSA-c2pj-rr68-pw94, CVE-2022-34112
maven/io.dataease/dataease-plugin-common
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
All versions up to 1.11.1
Upgrade to version 1.11.2 or above.
2022-07-29
source |