Headline
GHSA-5469-c5p2-xv5g: Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem.
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
High severity GitHub Reviewed Published Jul 23, 2022 • Updated Jul 27, 2022
Related news
CVE-2022-34113: [Bug]普通用户可上传插件至任意代码执行 · Issue #2431 · dataease/dataease
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.