Headline

CVE-2023-40183: DataEase has a vulnerability to obtain user cookies

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read() method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.

1 year ago

CVE

Open in Source

#vulnerability #git #java

Impact

DataEase has a vulnerability to obtain user cookies.

The program only uses the ImageIO.read() method to determine whether the file is an image file or not, there is no whitelisting restriction on file suffixes.
https://github.com/dataease/dataease/blob/dev/backend/src/main/java/io/dataease/service/staticResource/StaticResourceService.java#L41
This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html.
Stealing user cookies by accessing links.
dataease.fit2cloud.com/static-resource/a215fcb0-372d-11ee-88cc-a94af878df74.html

Affected versions: <= 1.18.10

Patches

The vulnerability has been fixed in v1.18.11.

Workarounds

It is recommended to upgrade the version to v1.18.11.

References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/dataease/dataease
Email us at [email protected]