Invia #464484: 跑象科技(北京)有限公司 datart 1.0.0-rc.3 Deserialization Vulnerabilityinformazioni

Titolo跑象科技(北京)有限公司 datart 1.0.0-rc.3 Deserialization Vulnerability
DescrizioneA critical vulnerability was discovered in Datart 1.0.0-rc.3. The issue lies in the datart.server.service.impl.VizServiceImpl class, where controllable parameters are directly deserialized, leading to a deserialization vulnerability. This vulnerability can ultimately be exploited to achieve Remote Code Execution (RCE).
Fonte⚠️ https://github.com/piqi233/cves/blob/main/readme.md
Utente
 gggggggga (UID 79128)
Sottomissione16/12/2024 16:29 (2 anni fa)
Moderazione27/12/2024 20:26 (11 days later)
StatoAccettato
Voce VulDB289628 [running-elephant Datart 1.0.0-rc3 File Upload /import extractModel escalationi di privilegi]
Punti18

PrecedenteVisione D'ensembleIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!