CVE-2024-23328
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2024-23328. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1EPSS Score
v2025.03.14There is a 0.7% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java.` The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0.