Description
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
Remediation
References
https://github.com/dataease/dataease/issues/2430
Related Vulnerabilities
CVE-2021-43466 Vulnerability in maven package org.thymeleaf:thymeleaf-spring5
CVE-2020-15256 Vulnerability in maven package org.webjars.npm:object-path
CVE-2021-32851 Vulnerability in npm package mind-elixir
CVE-2021-21316 Vulnerability in npm package less-openui5
CVE-2021-39153 Vulnerability in maven package com.thoughtworks.xstream:xstream