CVE-2022-31196: Release v1.0.7 · vran-dev/databasir
Databasir is a database metadata management platform. Databasir <= 1.0.6 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. When the supplied jdbcDriverFileUrl returns a non-200 response code, the URL is requested by the server, and the response is logged (both in the terminal and in the database) and included in the HTTP response. This would allow an attacker to obtain the real IP address and scan intranet information. This issue was fixed in version 1.0.7.
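A pre-fetch check of the kind this bug class calls for, as an added example in Java (not Databasir's code and not the v1.0.7 patch): the supplied jdbcDriverFileUrl is validated before any request is made, and only fixed error strings are returned. The class name, the allowlisted host and the error strings are assumptions.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

// Hypothetical pre-fetch check for a user-supplied driver URL (illustrative, not project code).
public class DriverUrlGuard {
    // Assumption: operators list the hosts that drivers may be downloaded from.
    private static final Set<String> ALLOWED_HOSTS = Set.of("repo1.maven.org");

    /** Returns null when the URL may be fetched, otherwise a fixed reason that reflects nothing. */
    public static String reject(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (Exception e) {
            return "malformed url";
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) return "scheme not allowed";
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) return "host not allowed";
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) return "host not allowed";
        try {
            // Check every resolved address; one internal record is enough to refuse.
            for (InetAddress a : InetAddress.getAllByName(host)) {
                if (isInternal(a)) return "host resolves to internal address";
            }
        } catch (UnknownHostException e) {
            return "host does not resolve"; // fail closed
        }
        return null;
    }

    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean uniqueLocalV6 = b.length == 16 && (b[0] & 0xfe) == 0xfc; // fc00::/7
        return a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last one needs DNS and is refused when offline.
        for (String u : new String[] {"http://127.0.0.1:8080/", "https://10.0.0.5/x.jar",
                "https://user@repo1.maven.org/x.jar", "https://repo1.maven.org/x.jar"}) {
            System.out.println(u + " -> " + reject(u));
        }
    }
}
```

The download that follows should not follow redirects and should connect to the address that was checked, since a second DNS lookup can return a different answer. The upstream status and body belong in server-side logs only, not in the API response.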
feature
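- The overview table supports search filtering by name
- Improved diff comparison
- Table information merges multiple columns
- Audit logs support filtering by module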
bug-fix
- Fix SSRF
- Fix empty table description information
Full Changelog: v1.0.6…v1.0.7