{"vulnerability": "CVE-2024-55953", "sightings": [{"uuid": "78fc86d3-41f8-45f3-856f-0c018328647d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55953", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113675333560634722", "content": "", "creation_timestamp": "2024-12-18T18:52:16.802535Z"}, {"uuid": "f118ed0a-dacf-45f5-8a15-14223b6f29fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55953", "type": "seen", "source": "https://t.me/cvedetector/13224", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55953 - DataEase Unsandboxed File Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55953 \nPublished : Dec. 18, 2024, 7:15 p.m. | 37\u00a0minutes ago \nDescription : DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T21:13:20.000000Z"}, {"uuid": "bff09c09-fa4d-4c57-b3dd-e51fed107738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55953", "type": "seen", "source": "https://t.me/cvedetector/20246", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27103 - DataEase File Deserialization Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-27103 \nPublished : March 13, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T19:48:26.000000Z"}, {"uuid": "c7bde799-8bf2-47c9-ab94-4206a615b9d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55953", "type": "seen", "source": "Telegram/epVQzs2fwKyiT0yyPJWGBQPSZ0FdTR1E4s44HAxhoKCkyPtt", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}]}