Vulnerabilities > Dataease > Dataease > 1.1.1

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2021-38239 SQL Injection vulnerability in Dataease
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
network
low complexity
dataease CWE-89
7.5
7.5
2022-10-25 CVE-2022-39312 Deserialization of Untrusted Data vulnerability in Dataease
Dataease is an open source data visualization analysis tool.
network
low complexity
dataease CWE-502
critical
 9.8
9.8