14 matches found
CVE-2024-39909
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
EUVD-2024-2252
Malicious code in bioql PyPI...
SQL Injection
github.com/openclarity/kubeclarity is vulnerable to SQL Injection. The vulnerability is due to manipulating the packageID parameter in the /api/applicationResources endpoint, where the fmt.Sprintf function is used to build the SQL query string without validating the input. It allows an attacker t...
GO-2024-2981 SQL Injection in the KubeClarity REST API in github.com/openclarity/kubeclarity/backend
SQL Injection in the KubeClarity REST API in github.com/openclarity/kubeclarity/backend...
CVE-2024-39909
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
CVE-2024-39909 SQL Injection in the KubeClarity REST API
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
CVE-2024-39909 SQL Injection in the KubeClarity REST API
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
CVE-2024-39909
KubeClarity REST API (github.com/openclarity/kubeclarity) contains a SQL Injection in the /api/applicationResources endpoint, via the packageID parameter. The root cause is the use of fmt.Sprintf to build the SQL query without input validation in backend/pkg/database/id_view.go, enabling time/boo...
CVE-2024-39909 SQL Injection in the KubeClarity REST API
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
GHSA-5248-H45P-9PGW SQL Injection in the KubeClarity REST API
Summary A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID Details As it can be seen here, while building the SQL Query the fmt.Sprintf function is used to build the query string without the input having first been...
SQL Injection in the KubeClarity REST API
Summary A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID Details As it can be seen here, while building the SQL Query the fmt.Sprintf function is used to build the query string without the input having first been...
KubeClarity Security Vulnerability
KubeClarity is an OpenClarity open source tool for detecting and managing software bill of materials SBOM as well as container image and file system vulnerabilities. A security vulnerability exists in KubeClarity versions prior to 2.23.1 that stems from a SQL injection in the KubeClarity REST API...
PT-2024-28725 · Unknown · Kubeclarity
Name of the Vulnerable Software and Affected Versions: KubeClarity versions prior to 2.23.1 Description: A time/boolean SQL Injection is present in the /api/applicationResources resource via the packageID parameter. The vulnerability occurs because the fmt.Sprintf function is used to build the SQ...
Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective...