GCVE - cpe:2.3:a:n/a:datagear:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:datagear:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Datagear (`c3a8fac8-6d59-5669-afb5-d143ffb27a0d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-7552`	vulnerable	2026-06-08 06:58:22.407510	DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection MEDIUM (6.3) A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability. Published: 2024-08-06T14:31:09.110Z Updated: 2024-08-06T19:30:34.911Z Open on db.gcve.eu Reference links https://vuldb.com/?id.273697 https://vuldb.com/?ctiid.273697 https://vuldb.com/?submit.386413 https://gitee.com/datagear/datagear/issues/IAF3H7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-7299`	vulnerable	2026-06-08 06:21:57.509378	DataGear resolveSql sql injection MEDIUM (6.3) A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. Upgrading to version 4.7.0 is able to address this issue. It is recommended to upgrade the affected component. Published: 2024-11-23T13:00:15.959Z Updated: 2024-11-26T19:13:15.271Z Open on db.gcve.eu Reference links https://vuldb.com/?id.285658 https://vuldb.com/?ctiid.285658 https://vuldb.com/?submit.442943 https://github.com/datageartech/datagear/issues/29	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2042`	vulnerable	2026-06-08 06:02:41.301420	DataGear JDBC Server deserialization MEDIUM (6.3) A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2023-04-14T09:00:08.369Z Updated: 2024-09-16T14:52:04.936Z Open on db.gcve.eu Reference links https://vuldb.com/?id.225920 https://vuldb.com/?ctiid.225920 https://vuldb.com/?submit.109292 https://github.com/yangyanglo/ForCVE/blob/main/2023-0x06.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1772`	vulnerable	2026-06-08 05:52:37.013665	DataGear Diagram Type cross site scripting LOW (3.5) A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability. Published: 2023-03-31T11:31:04.580Z Updated: 2025-02-11T18:41:55.590Z Open on db.gcve.eu Reference links https://vuldb.com/?id.224673 https://vuldb.com/?ctiid.224673 https://github.com/yangyanglo/ForCVE/blob/main/2023-0x02.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1573`	vulnerable	2026-06-08 05:52:36.133593	DataGear Graph Dataset cross site scripting LOW (3.5) A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-223565 was assigned to this vulnerability. Published: 2023-03-22T15:31:05.188Z Updated: 2024-08-02T05:49:11.693Z Open on db.gcve.eu Reference links https://vuldb.com/?id.223565 https://vuldb.com/?ctiid.223565 https://github.com/yangyanglo/ForCVE/blob/main/2023-0x04.md https://github.com/datageartech/datagear/releases/tag/v1.12.0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1572`	vulnerable	2026-06-08 05:52:36.132999	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1571`	vulnerable	2026-06-08 05:52:36.131697	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.