CVE-2025-62422

High CVSS: 8.7

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in version 2.10.14. No known workarounds exist.

Vendor

Dataease

Product

Dataease

CWE

CWE-89

Yayın Tarihi

2025-10-17 18:15:37

Güncelleme

2025-10-24 13:14:29

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Dataease HIGH Dataease 2025

Referanslar

https://github.com/dataease/dataease/commit/3c52cc26c4cca1000294346cf99a84b25d38bfb2 https://github.com/dataease/dataease/security/advisories/GHSA-54m5-xrw4-mv36

Benzer Kayıtlar

High

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handlin…

Critical

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasourc…

Medium

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload…

Critical

CVE-2026-32140

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an…

High

CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the…

High

CVE-2025-64428

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection.…