[io.dataease:dataease-plugin-common] Dataease before 1.11.2 allows arbitrary code execution via crafter plugin

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-34113
• https://github.com/dataease/dataease/issues/2431
• https://github.com/dataease/dataease/releases/tag/v1.11.2
• https://github.com/advisories/GHSA-5469-c5p2-xv5g