Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.
References
| Link | Resource |
|---|---|
| https://github.com/dataease/dataease/issues/4795 | Exploit, Issue Tracking, Vendor Advisory |
| https://github.com/dataease/dataease/releases/tag/v1.18.5 | Release Notes |
| https://github.com/dataease/dataease/security/advisories/GHSA-7j7j-9rw6-3r56 | Exploit, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-03-24T23:43:15.992Z
Updated: 2023-03-24T23:43:15.992Z
Reserved: 2023-03-15T15:59:10.054Z
Link: CVE-2023-28437
NVD Information
Status: Analyzed
Published: 2023-03-25T00:15:08.243
Modified: 2023-03-30T19:27:58.343
Link: CVE-2023-28437
Redhat Information
No data.
CWE