Dataease: >> Dataease >> 2.10.13 Security Vulnerabilities
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in version 2.10.14. No known workarounds exist.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-17
Page 3