TopVuln

High-risk vulnerability digests

CVE-2026-40901

Severity: HIGH

Details

CVSS v4: 7.5
NVD published: 2026-04-16 21:16:24
EPSS: 0.4% probability · 57.7th percentile (as of 2026-05-12)
Affected versions: DataEase 2.10.20 and below
Summary
DataEase, an open-source data visualization platform, bundles legacy libraries that supply usable Java deserialization gadget chains, and it schedules work through Quartz's JDBC job store, which serializes each job's JobDataMap into the job table and deserializes it with Java object serialization when the scheduler loads the job. An authenticated attacker with write access to the Quartz job table can therefore replace a job's stored data with a gadget-chain payload. When the scheduled job next fires, the payload is deserialized and executes arbitrary code as root on the affected server, giving full system compromise.
Remediation
Upgrade DataEase to version 2.10.21 or later. Until the upgrade is complete, restrict access to the DataEase application and its underlying database to trusted users and hosts. Because the payload is stored in the database, also review the existing rows of the Quartz job table for job data that DataEase itself did not write, since upgrading does not remove rows that were already planted.
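The summary above describes the attack path (a serialized JobDataMap in the Quartz job table, deserialized when the job fires) and the remediation asks for a review of the rows already stored there. The following scanner, added here as an illustration and not part of DataEase, Quartz or this digest, lists the class names that appear as class descriptors in a Java serialization stream and flags any class outside an allowlist of packages a Quartz job-data blob is expected to contain. It assumes Quartz's default schema (table QRTZ_JOB_DETAILS, BLOB column JOB_DATA, prefix QRTZ_), which DataEase may have changed; the sample blobs are constructed minimal sketches of the stream format, not real DataEase data, and the serialVersionUID values in them are placeholders.

```python
import re
import struct

# Java object serialization stream constants (java.io.ObjectStreamConstants)
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC + STREAM_VERSION
TC_CLASSDESC = 0x72
SC_SERIALIZABLE = 0x02
SC_EXTERNALIZABLE = 0x04

# Binary class names ("org.quartz.JobDataMap") or JVM array descriptors ("[B", "[Ljava.lang.String;")
_CLASS_NAME = re.compile(
    r"^(\[+([BCDFIJSZ]|L[A-Za-z_$][\w$.]*;)|[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*)$"
)

# Packages a legitimate Quartz job-data blob is expected to reference (assumed allowlist; extend per deployment)
ALLOWED_PREFIXES = ("org.quartz.", "java.lang.", "java.util.")


def extract_class_names(blob: bytes) -> list:
    """Heuristically list class descriptors in a Java serialization stream, in order of first appearance.

    A descriptor is TC_CLASSDESC, a 2-byte big-endian UTF length, the class name, an 8-byte
    serialVersionUID and a flags byte; the flags must carry SC_SERIALIZABLE or SC_EXTERNALIZABLE.
    Back-references (TC_REFERENCE) are not resolved, so repeated classes appear once.
    """
    if not blob.startswith(JAVA_STREAM_MAGIC):
        return []
    found = []
    i = len(JAVA_STREAM_MAGIC)
    while i < len(blob) - 3:
        if blob[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", blob, i + 1)
            start, end = i + 3, i + 3 + n
            if 0 < n <= 512 and end + 9 <= len(blob):
                try:
                    name = blob[start:end].decode("ascii")
                except UnicodeDecodeError:
                    name = ""
                flags = blob[end + 8]
                if _CLASS_NAME.match(name) and flags & (SC_SERIALIZABLE | SC_EXTERNALIZABLE):
                    if name not in found:
                        found.append(name)
                    i = end + 9          # skip the name and UID so bytes inside them are not rescanned
                    continue
        i += 1
    return found


def _element_type(cls: str) -> str:
    """'[[Ljava.util.HashMap;' -> 'java.util.HashMap'; '[[B' -> 'B' (primitive, single letter)."""
    cls = cls.lstrip("[")
    if cls.startswith("L") and cls.endswith(";"):
        return cls[1:-1]
    return cls


def unexpected_classes(blob: bytes, allowed=ALLOWED_PREFIXES) -> list:
    """Classes referenced by the blob whose package is not on the allowlist."""
    out = []
    for cls in extract_class_names(blob):
        base = _element_type(cls)
        if len(base) == 1:               # primitive array such as "[B"
            continue
        if not base.startswith(allowed):
            out.append(cls)
    return out


def audit_job_rows(rows, allowed=ALLOWED_PREFIXES) -> list:
    """rows: iterable of (SCHED_NAME, JOB_NAME, JOB_GROUP, JOB_DATA), e.g. from
    SELECT SCHED_NAME, JOB_NAME, JOB_GROUP, JOB_DATA FROM QRTZ_JOB_DETAILS (assumed default prefix)."""
    findings = []
    for sched, name, group, data in rows:
        bad = unexpected_classes(data or b"", allowed)
        if bad:
            findings.append({"sched_name": sched, "job_name": name, "job_group": group, "classes": bad})
    return findings


def _class_desc(name: str, suid: int = 1, flags: int = SC_SERIALIZABLE) -> bytes:
    """Constructed minimal class descriptor: no fields, no class annotation, no superclass."""
    n = name.encode("ascii")
    return (bytes([TC_CLASSDESC]) + struct.pack(">H", len(n)) + n
            + struct.pack(">q", suid) + bytes([flags]) + b"\x00\x00" + b"\x78\x70")


# Constructed sample blobs (sketches of the stream layout, not real DataEase data)
BENIGN_JOB_DATA = (JAVA_STREAM_MAGIC + b"\x73" + _class_desc("org.quartz.JobDataMap")
                   + b"\x73" + _class_desc("java.util.HashMap") + b"\x74\x00\x05jobId")
TAMPERED_JOB_DATA = (JAVA_STREAM_MAGIC + b"\x73" + _class_desc("org.quartz.JobDataMap")
                     + b"\x73" + _class_desc("java.util.HashMap")
                     + b"\x73" + _class_desc("com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl")
                     + b"\x75" + _class_desc("[[B") + b"\x00\x00\x00\x01")
SAMPLE_ROWS = [
    ("DataEaseScheduler", "export-report", "DEFAULT", BENIGN_JOB_DATA),
    ("DataEaseScheduler", "sync-dataset", "DEFAULT", TAMPERED_JOB_DATA),
]

if __name__ == "__main__":
    for finding in audit_job_rows(SAMPLE_ROWS):
        print(finding)
```

The scan is a byte-level heuristic, so a hit is a lead to confirm with a full stream parser (or by dumping the row with the JVM's own tooling), not a verdict; the structural control on the Java side is a JEP 290 `ObjectInputFilter` that allowlists the classes the job store may instantiate. The TemplatesImpl name in the sample is a widely known gadget class used here only as a recognizable indicator.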
Exploit info
No public exploit found yet.


TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.