Running-elephant Datart

7 CVEs affecting Running-elephant Datart. Latest disclosed: 2026-02-17. Critical: 1, High: 3.

Top CVEs affecting Running-elephant Datart
CVESeverityScorePublishedSummary
CVE-2025-56819Critical9.82025-09-24An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
CVE-2025-70828High8.82026-02-17An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration
CVE-2025-56816High8.82025-09-24Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to t…
CVE-2025-56815High7.12025-09-24Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the…
CVE-2024-12994Medium6.32024-12-28A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file…
CVE-2025-70829Medium5.72026-02-17An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.
CVE-2025-10080Low3.12025-09-08A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/sr…