GHSA-5469-c5p2-xv5g, CVE-2022-34113
maven/io.dataease/dataease-plugin-common
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
All versions up to 1.11.1
Upgrade to version 1.11.2 or above.
2022-07-29
source |