CVE-2023-33963

CRITICAL

DataEase <1.18.7 - Deserialization

Title source: llm

Description

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.

References (2)

[Release Notes] https://github.com/dataease/dataease/releases/tag/v1.18.7

[Exploit, Vendor Advisory] https://github.com/dataease/dataease/security/advisories/GHSA-m26j-gh4m-xh9f

Scores

CVSS v3 9.8

EPSS 0.0211

EPSS Percentile 83.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

dataease/dataease < 1.18.7

Timeline

Published Jun 01, 2023

Tracked Since Feb 18, 2026