Lucene search

GitHub Advisory DatabaseGHSA-GPGJ-XRGW-8MX2

HistoryMay 21, 2024 - 6:31 p.m.

NASA AIT-Core vulnerable to SQL Injection

2024-05-2118:31:24

CWE-89

GitHub Advisory Database

github.com

nasa

ait-core

sql injection

vulnerabilities

software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

JSON

NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.

Affected configurations

Vulners

Node

aitcoreRange≤2.5.2

VendorProductVersionCPE
aitcore*cpe:2.3:a:ait:core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ait	core	*	cpe:2.3:a:ait:core::::::::

References

github.com/advisories/GHSA-gpgj-xrgw-8mx2

github.com/NASA-AMMOS/AIT-Core/issues/527

nvd.nist.gov/vuln/detail/CVE-2024-35056

www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

JSON

Related for GHSA-GPGJ-XRGW-8MX2