fix: 【漏洞】Dataease H2 JDBC RCE Bypass

2026-05-16 05:50:45 +08:00 · 2025-06-03 16:29:31 +08:00
parent 7cd046d279
commit dd35752f29
1 changed files with 1 additions and 1 deletions
--- a/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
+++ b/core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
@@ -19,7 +19,7 @@ public class H2 extends DatasourceConfiguration {

    public String getJdbc() {
        for (String illegalParameter : illegalParameters) {
-            if (jdbc.toUpperCase().contains(illegalParameter)) {
+            if (jdbc.toUpperCase().replace("\\", "").contains(illegalParameter)) {
                DEException.throwException("Has illegal parameter: " + jdbc);
            }
        }