From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: SQL Injection (SQLi) - **Remediation Measures**: - Added input parameter validation and checks in multiple files to ensure correct parameter types and non-null values. - Used `IllegalArgumentException` to throw exceptions for invalid parameters. - Implemented additional parameter validation for specific types of database operations. - **Affected Files**: - `core/core-database/src/main/java/io/dataease/datasource/type/ClickHouseDataSourceType.java` - `core/core-database/src/main/java/io/dataease/datasource/type/DorisDataSourceType.java` - `core/core-database/src/main/java/io/dataease/datasource/type/HiveDataSourceType.java` - `core/core-database/src/main/java/io/dataease/datasource/type/MysqlDataSourceType.java` - `core/core-database/src/main/java/io/dataease/datasource/type/OracleDataSourceType.java` - `core/core-database/src/main/java/io/dataease/datasource/type/PrestoDataSourceType.java` - `core/core-database/src/main/java/io/dataease/datasource/type/SeparatorDataSourceType.java` - `core/core-database/src/main/java/io/dataease/datasource/type/SqlServerDataSourceType.java` - **Key Code Changes**: ```java if (StringUtils.isEmpty(getParameter("type")) || !getParameter("type").equals(OperatorEnum.TEXT.toString())) { throw new IllegalArgumentException("Illegal jdbcUrl: " + getJdbcUrl()); } ``` These changes indicate that the development team has fixed a security vulnerability related to SQL injection by adding parameter validation and exception handling to prevent security issues caused by malicious or invalid inputs.