DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to achieve remote code execution. This issue is fixed in version 2.10.24.
Metrics
Affected Vendors & Products
References
History
Tue, 07 Jul 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to achieve remote code execution. This issue is fixed in version 2.10.24. | |
| Title | DataEase H2 RCE via Zip Protocol & File Dropper Fix bypass | |
| Weaknesses | CWE-434 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-07T20:27:28.491Z
Reserved: 2026-06-16T23:52:12.056Z
Link: CVE-2026-55633
No data.
No data.
No data.
OpenCVE Enrichment
No data.