Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
running-elephant Datart API AESUtil.java getTokensecret hard-coded key
Vulnerability Description
A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key . The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Datart 安全漏洞
Vulnerability Description
Datart是running-elephant开源的一代数据可视化开放平台。 Datart 1.0.0-rc3及之前版本存在安全漏洞,该漏洞源于datart/security/src/main/java/datart/security/util/AESUtil.java文件使用硬编码密钥。
CVSS Information
N/A
Vulnerability Type
N/A