1.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-13	CVE-2022-46478	Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. network low complexity datax-web-project CWE-502 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.