GHSA-vjmr-6pmm-rprf, CVE-2022-34115
maven/io.dataease/dataease-plugin-common
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.
All versions before 1.11.2
Upgrade to version 1.11.2 or above.
2022-08-09
source |