CVE-2022-34113
https://notcve.org/view.php?id=CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Un problema en el componente /api/plugin/upload de Dataease v1.11.1, permite a atacantes ejecutar código arbitrario por medio de un plugin diseñado • https://github.com/dataease/dataease/issues/2431 •
CVE-2022-34115
https://notcve.org/view.php?id=CVE-2022-34115
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. Se descubrió que DataEase v1.11.1 contiene una vulnerabilidad de escritura arbitraria de archivos a través del parámetro dataSourceId • https://github.com/dataease/dataease/issues/2428 https://github.com/dataease/dataease/releases/tag/v1.11.2 • CWE-434: Unrestricted Upload of File with Dangerous Type •