Description
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
Remediation
References
https://github.com/dataease/dataease/issues/2431
Related Vulnerabilities
CVE-2022-36092 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-37954 Vulnerability in maven package com.sonyericsson.hudson.plugins.rebuild:rebuild
CVE-2022-47105 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2017-14949 Vulnerability in maven package org.restlet.osgi:org.restlet
CVE-2022-35204 Vulnerability in maven package org.webjars.npm:vite