Running-elephant Datart
7 CVEs affecting Running-elephant Datart. Latest disclosed: 2026-02-17. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-56819 | Critical | 9.8 | 2025-09-24 | An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. |
CVE-2025-70828 | High | 8.8 | 2026-02-17 | An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration |
CVE-2025-56816 | High | 8.8 | 2025-09-24 | Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to t… |
CVE-2025-56815 | High | 7.1 | 2025-09-24 | Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the… |
CVE-2024-12994 | Medium | 6.3 | 2024-12-28 | A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file… |
CVE-2025-70829 | Medium | 5.7 | 2026-02-17 | An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string. |
CVE-2025-10080 | Low | 3.1 | 2025-09-08 | A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/sr… |