Lucene search

[email protected]NVD:CVE-2024-43406

HistoryAug 20, 2024 - 3:15 p.m.

CVE-2024-43406

2024-08-2015:15:24

CWE-89

[email protected]

web.nvd.nist.gov

iot data analytics

sql injection

edge devices

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.

Affected configurations

Nvd

Node

lfedgeekuiperRange<1.14.2

VendorProductVersionCPE
lfedgeekuiper*cpe:2.3:a:lfedge:ekuiper:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lfedge	ekuiper	*	cpe:2.3:a:lfedge:ekuiper::::::::

References

github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503

github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Related for NVD:CVE-2024-43406

osv4 cvelist1 veracode1 github1 cve1 vulnrichment1