Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load() or loadAs() method without input sanitization. This allows deserialization of attacker-controlled YAML content, leading to arbitrary class instantiation. Under certain conditions, this can be exploited to achieve remote code execution (RCE).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
datart 安全漏洞
Vulnerability Description
datart是running-elephant开源的一个数据可视化开放平台。 datart 1.0.0-rc.3版本存在安全漏洞,该漏洞源于配置文件处理不当,可能导致路径遍历和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A