CVE-2022-34115
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in maven/io.dataease/dataease-plugin-common
Identifiers
GHSA-vjmr-6pmm-rprf, CVE-2022-34115
Package Slug
maven/io.dataease/dataease-plugin-common
Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.
Affected Versions
All versions before 1.11.2
Solution
Upgrade to version 1.11.2 or above.
Last Modified
2022-08-09
| source |