Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:55 p.m.18 views

CVE-2022-24827

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...

8.1CVSS7.5AI score0.01335EPSS
Exploits0References1
CVE
CVE
added 2022/04/11 8:13 p.m.689 views

CVE-2022-24827

Elide (Java) SQL Injection vulnerability (CVE-2022-24827) affects analytic queries that use Parameterized Columns of type TEXT in the Elide Aggregation Data Store. The issue stems from the TEXT parameter handling that can be interpreted as SQL comments (–) after a patch in 6.1.2, allowing bypass ...

8.1CVSS8.3AI score0.01335EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/11 8:13 p.m.7 views

CVE-2022-24827 SQL Injection in elide-datastore-aggregation

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...

8.1CVSS8.3AI score0.01335EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/04/08 10:43 p.m.5 views

com.yahoo.elide:elide-spring-boot-starter (=6.1.3), com.yahoo.elide:elide-standalone (=6.1.3) potentially affected by CVE-2022-24827 via com.yahoo.elide:elide-datastore-aggregation (=6.1.3)

com.yahoo.elide:elide-datastore-aggregation MAVEN version =6.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.yahoo.elide:elide-datastore-aggregation and may be impacted: - com.yahoo.elide:elide-spring-boot-starter =6.1.3 -...

8.1CVSS7.2AI score0.01335EPSS
Exploits0
Rows per page
Query Builder