A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed an [truncated]
A command injection vulnerability exists in DTStack Taier 1.4.0, specifically within the Runtime.exec function of the REST API component. The vulnerability allows remote attackers to execute arbitrary operating system commands by manipulating the sqlText parameter. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no required privileges, and low impact across confidentiality, [truncated]