cvebase

Running-Elephant Datart vulnerabilities

7 known vulnerabilities affecting running-elephant/datart.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2025-56819 | P2 | CRITICAL | CVSS 9.8 | PoC | v1.0.0 | 2025-09-24
CWE-78. An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
Source: nvd
CVE-2025-56816 | P3 | HIGH | CVSS 8.8 | v1.0.0 | 2025-09-24
CWE-22. Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load() or loadAs() method without input sanitization. This allows deserialization of attacker-control
Source: nvd
CVE-2025-70828 | P3 | HIGH | CVSS 8.8 | v1.0.0 | 2026-02-17
CWE-78. An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration
Source: nvd
CVE-2024-12994 | P3 | MEDIUM | CVSS 6.3 | v1.0.0-rc3 | 2024-12-28
CWE-20. A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file /import of the component File Upload. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may b
Source: nvd
CVE-2025-56815 | P3 | HIGH | CVSS 7.1 | v1.0.0 | 2025-09-24
CWE-22. Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name.
Source: nvd
CVE-2025-70829 | P4 | MEDIUM | CVSS 5.7 | v1.0.0 | 2026-02-17
CWE-200. An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.
Source: nvd
CVE-2025-10080 | P4 | LOW | CVSS 3.1 | v1.0.0-rc1, v1.0.0-rc2, +1 more | 2025-09-08
CWE-320. A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key. The attack is possible to be carried out remotely. The attack i
Source: nvd