CVE-2024-31441

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-31441

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31441.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-31441

Aliases

GHSA-h7hj-7wg6-p5wh

Published

2024-05-10T14:43:23.863Z

Modified

2025-12-05T04:18:37.087140Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Arbitrary File Reading in DataEase

Details

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31441.json"
}

References

Affected packages

Git / github.com/dataease/dataease

Affected ranges

Type: GIT
Repo: https://github.com/dataease/dataease
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4144eeabaa3ccbacd54e6f37bc3fd8eb61858b44

Affected versions

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.11.0

v1.11.1

v1.18.0

v1.18.1

v1.18.10

v1.18.11

v1.18.12

v1.18.13

v1.18.14

v1.18.15

v1.18.16

v1.18.17

v1.18.18

v1.18.2

v1.18.3

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.18.8

v1.18.9

v1.2.0

v1.3.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.8.0

v1.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31441.json"