ГлавнаяУязвимости → CVE-2025-64428
9.8критическая

CVE-2025-64428

Описание

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

Затрагиваемое ПО
Dataease Dataease
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53https://github.com/dataease/dataease/releases/tag/v2.10.17https://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2hhttps://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2h