CVE-2023-37258
- Source
- https://cve.org/CVERecord?id=CVE-2023-37258
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37258.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-37258
- Aliases
-
- GHSA-r39x-fcc6-47g4
- Published
- 2023-07-25T19:36:14.962Z
- Modified
- 2026-04-10T05:00:29.235450Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- DataEase has a SQL injection vulnerability that can bypass blacklists
- Details
-
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37258.json" }- References
-
- https://github.com/dataease/dataease/blob/dev/backend/src/main/java/io/dataease/controller/panel/AppLogController.java#L41
- https://github.com/dataease/dataease/blob/dev/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37258.json
- https://github.com/dataease/dataease/security/advisories/GHSA-r39x-fcc6-47g4
- https://nvd.nist.gov/vuln/detail/CVE-2023-37258