Lucene search

5 matches found

OSV
added 2023/11/02 10:4 p.m., 33 views

GO-2023-2162 SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin

A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection...

CVSS 8.8, AI score 6.4, EPSS 0.00327
Exploits 0, References 1

OSV
added 2023/10/30 6:1 p.m., 13 views

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 3.5, AI score 8.8, EPSS 0.00327
Exploits 0, References 5

Veracode
added 2023/10/30 9:15 a.m., 16 views

SQL Injection

github.com/flyteorg/flyteadmin is vulnerable to SQL Injection. The vulnerability exists because custom SQL statements are not properly handled, which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8, AI score 8.1, EPSS 0.00327
Exploits 0, References 4, Affected Software 1

Github Security Blog
added 2023/10/27 5:39 p.m., 30 views

Flyte Admin SQL Injection in List Filters

Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...

CVSS 8.8, AI score 7.4, EPSS 0.00327
Exploits 0, References 5, Affected Software 1

OSV
added 2023/10/27 5:39 p.m., 15 views

GHSA-R847-6W6H-R8G4 Flyte Admin SQL Injection in List Filters

Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...

CVSS 3.5, AI score 6.2, EPSS 0.00327
Exploits 0, References 5