Lucene search

GoogleOSV:GO-2024-3050

HistoryAug 06, 2024 - 10:40 p.m.

Meshery SQL Injection vulnerability in github.com/layer5io/meshery

2024-08-0622:40:50

Google

osv.dev

meshery

sql injection

vulnerability

github.com/layer5io/meshery

software

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

8.2

Confidence

Low

JSON

Meshery SQL Injection vulnerability in github.com/layer5io/meshery.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/layer5io/meshery before v0.7.22.

References

github.com/advisories/GHSA-9f24-jrv4-f8g5

github.com/meshery/meshery/blob/b331f45c9083d7abf6b90105072b04cd22473de7/server/handlers/meshsync_handler.go#L187

github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13

github.com/meshery/meshery/commit/b55f6064d0c6a965aee38f30281f99da7dc4420c

github.com/meshery/meshery/pull/10207

github.com/meshery/meshery/pull/10280

nvd.nist.gov/vuln/detail/CVE-2024-35181

securitylab.github.com/advisories/GHSL-2024-013_GHSL-2024-014_Meshery

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

8.2

Confidence

Low

JSON

Related for OSV:GO-2024-3050