제출 #464484: 跑象科技(北京)有限公司 datart 1.0.0-rc.3 Deserialization Vulnerability정보

제목跑象科技(北京)有限公司 datart 1.0.0-rc.3 Deserialization Vulnerability
설명A critical vulnerability was discovered in Datart 1.0.0-rc.3. The issue lies in the datart.server.service.impl.VizServiceImpl class, where controllable parameters are directly deserialized, leading to a deserialization vulnerability. This vulnerability can ultimately be exploited to achieve Remote Code Execution (RCE).
원천⚠️ https://github.com/piqi233/cves/blob/main/readme.md
사용자
 gggggggga (UID 79128)
제출2024. 12. 16. PM 04:29 (2 연령 ago)
모더레이션2024. 12. 27. PM 08:26 (11 days later)
상태수락
VulDB 항목289628 [running-elephant Datart 1.0.0-rc3 File Upload /import extractModel 파일 권한 상승]
포인트들18

이전개요다음

Do you know our Splunk app?

Download it now for free!