Dataease JNDI Injection Vulnerability

Vulnerability

A JNDI injection vulnerability exists in Dataease versions prior to 2.10.17. Although a blacklist was implemented in version 2.10.14 to mitigate this issue, JNDI injection can still be exploited using the iiop, corbaname, and iiopname schemes.
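
The gap described above, a scheme blacklist that misses iiop, corbaname and iiopname, is shown below as an added example; it is not Dataease's code or its actual patch. The denylist contents, the allowlist, the class and method names, and the sample names are all constructed assumptions.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class JndiSchemeCheck {
    // Constructed denylist for illustration only; not Dataease's actual list.
    static final Set<String> DENIED = Set.of("ldap", "ldaps", "rmi", "dns");
    // Hypothetical allowlist: only the local java: namespace is permitted.
    static final Set<String> ALLOWED = Set.of("java");

    // A JNDI URL name's scheme is the text before the first ':' when that
    // colon comes before any '/'. "corbaname:" has no "//", so a parser that
    // looks for "://" would miss it.
    static String scheme(String name) {
        String s = name.trim();
        int colon = s.indexOf(':');
        int slash = s.indexOf('/');
        if (colon > 0 && (slash == -1 || colon < slash)) {
            return s.substring(0, colon).toLowerCase(Locale.ROOT);
        }
        return null; // plain name without a URL scheme
    }

    // Denylist: anything not explicitly listed passes, including new schemes.
    static boolean denylistPermits(String name) {
        String sc = scheme(name);
        return sc == null || !DENIED.contains(sc);
    }

    // Allowlist: only known-good schemes pass; unknown or absent schemes fail.
    static boolean allowlistPermits(String name) {
        String sc = scheme(name);
        return sc != null && ALLOWED.contains(sc);
    }

    public static void main(String[] args) {
        // Constructed sample names; host.example is a reserved placeholder.
        List<String> samples = List.of(
            "java:comp/env/jdbc/reports",
            "ldap://host.example/a",
            "iiop://host.example:1050/a",
            "corbaname:iiop:host.example:1050#a",
            "iiopname://host.example:1050/a");
        for (String n : samples) {
            System.out.printf("%-38s denylist=%-5b allowlist=%b%n",
                n, denylistPermits(n), allowlistPermits(n));
        }
    }
}
```

With these constructed lists, the denylist rejects only the ldap name and lets the three CORBA-style names through, while the allowlist accepts only the java: name.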

Impact

Exploitation of this vulnerability allows for JNDI injection, which could lead to remote code execution or other malicious actions, depending on the context.

Remediation

Users can upgrade to Dataease version 2.10.17 or later to address this vulnerability.

Added: Nov 20, 2025, 5:17 PM
Updated: Nov 20, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 6.0
remediation: 7.7
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.