CVE-2024-47073

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47073

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47073.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-47073

Aliases

GHSA-5jr4-wrm2-xj36

Published

2024-11-07T17:31:23.535Z

Modified

2025-12-01T12:34:25.440986Z

Severity

9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Dataease arbitrary interface access vulnerability

Details

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47073.json",
    "cwe_ids": [
        "CWE-347"
    ]
}

References

Affected packages

Git / github.com/dataease/dataease

Affected ranges

Type: GIT
Repo: https://github.com/dataease/dataease
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dccb7cf72522ab67e6a6561f1a8adc75864c5ab0

Affected versions

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.11.0

v1.11.1

v1.2.0

v1.3.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.8.0

v1.9.0

v2.*

v2.10.0

v2.10.1

v2.2.0

v2.3.0

v2.4.0

v2.6.0

v2.9.0