CVE-2022-34113
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/io.dataease/dataease-plugin-common
Identifiers
GHSA-5469-c5p2-xv5g, CVE-2022-34113
Package Slug
maven/io.dataease/dataease-plugin-common
Vulnerability
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
Affected Versions
All versions up to 1.11.1
Solution
Upgrade to version 1.11.2 or above.
Last Modified
2022-07-29
| source |