CVE-2024-23328 | Dataease up to 1.18.14/2.2.x Mysql.java deserialization

Posted by Angelo Barbosa | Feb 1, 2024 | CVE

A vulnerability classified as critical has been found in Dataease up to 1.18.14/2.2.x. This affects an unknown part of the file core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The manipulation leads to deserialization.

This vulnerability is uniquely identified as CVE-2024-23328. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-23328 | Dataease up to 1.18.14/2.2.x Mysql.java deserialization

Related Posts

CVE-2024-22729 | Netis MW5360 1.0.1.3031 Login Page password command injection

CVE-2023-50950 | IBM QRadar SIEM 7.5 Email information disclosure (XFDB-275709)

CVE-2023-48220 | Decidim operation after expiration

CVE-2024-27820 | Apple visionOS Web Contents memory corruption