Vulnerability Description
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dataease | Dataease | < 1.18.5 |
Related Weaknesses (CWE)
References
- https://github.com/dataease/dataease/issues/4795 (Exploit, Issue Tracking, Vendor Advisory)
- https://github.com/dataease/dataease/releases/tag/v1.18.5 (Release Notes)
- https://github.com/dataease/dataease/security/advisories/GHSA-7j7j-9rw6-3r56 (Exploit, Vendor Advisory)
FAQ
What is CVE-2023-28437?
CVE-2023-28437 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known ...
How severe is CVE-2023-28437?
CVE-2023-28437 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-28437?
Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.