Impact
DataEase has database configuration information exposure vulnerability。
Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned.
Affected versions: <= 2.4.1
Patches
The vulnerability has been fixed in v2.5.0.
Workarounds
It is recommended to upgrade the version to v2.5.0.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at wei@fit2cloud.com
Impact
DataEase has database configuration information exposure vulnerability。
Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned.
Affected versions: <= 2.4.1
Patches
The vulnerability has been fixed in v2.5.0.
Workarounds
It is recommended to upgrade the version to v2.5.0.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at wei@fit2cloud.com