Description
DataGear is an open-source and free data visualization analysis platform that allows you to freely create any kind of data dashboard you want, supporting access to multiple data sources such as SQL, CSV, Excel, HTTP interfaces, JSON, etc.
DataGear 5.1.0 and below has an XXE vulnerability; an attacker who exploits it can disclose local files from the file system or perform a Server-Side Request Forgery (SSRF).
Unsafe Code
The org/datagear/connection/XmlDriverEntityManager.java#readDriverEntities function parses XML directly without disabling DTD (Document Type Definition) processing, and the XML content is attacker-controllable, leading to XML External Entity (XXE) injection.
Steps to Reproduce
Upload a zip file containing the driverEntityInfo.xml file, with the content of driverEntityInfo.xml as follows:
After sending the request, you can see the returned value produced by the XML parsing.