| عنوان | 跑象科技(北京)有限公司 datart 1.0.0-rc.3 Deserialization Vulnerability |
|---|
| الوصف | A critical vulnerability was discovered in Datart 1.0.0-rc.3. The issue lies in the datart.server.service.impl.VizServiceImpl class, where controllable parameters are directly deserialized, leading to a deserialization vulnerability. This vulnerability can ultimately be exploited to achieve Remote Code Execution (RCE). |
|---|
| المصدر | ⚠️ https://github.com/piqi233/cves/blob/main/readme.md |
|---|
| المستخدم | gggggggga (UID 79128) |
|---|
| ارسال | 16/12/2024 04:29 PM (2 سنوات منذ) |
|---|
| الاعتدال | 27/12/2024 08:26 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 289628 [running-elephant Datart 1.0.0-rc3 File Upload /import extractModel ملف تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|