fix: 修复 DataVisualizationServer ReDoS 漏洞，replaceAll 改为 replace

2026-06-17 04:51:43 +08:00 · 2026-06-16 14:24:48 +08:00
parent 4474e791cb
commit 9c8584e28b
1 changed files with 1 additions and 1 deletions
--- a/core/core-backend/src/main/java/io/dataease/visualization/server/DataVisualizationServer.java
+++ b/core/core-backend/src/main/java/io/dataease/visualization/server/DataVisualizationServer.java
@@ -926,7 +926,7 @@ public class DataVisualizationServer implements DataVisualizationApi {
            String componentData = newDv.getComponentData();
            // componentData viewId 数据  并保存
            for (CoreChartView viewInfo : viewList) {
-                componentData = componentData.replaceAll(String.valueOf(viewInfo.getCopyFrom()), String.valueOf(viewInfo.getId()));
+                componentData = componentData.replace(String.valueOf(viewInfo.getCopyFrom()), String.valueOf(viewInfo.getId()));
            }
            newDv.setComponentData(componentData);
        }