Lucene search
K

8 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-528 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.3AI score0.00281EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.13 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 6:16 p.m.11 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 5:21 p.m.59 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 5:21 p.m.11 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 4:44 p.m.11 views

CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API

A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...

9.4CVSS6AI score0.00281EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 4:44 p.m.4 views

GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS6.7AI score0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38087

Name of the Vulnerable Software and Affected Versions Rucio versions 1.30.0 through 35.8.4 Rucio versions 38.x through 38.5.4 Rucio versions 39.x through 39.4.1 Rucio versions 40.x through 40.1.0 Description An issue exists in the FilterEngine.create postgres query function where authenticated...

9.9CVSS6.6AI score0.00301EPSS
Exploits0References8
Rows per page
Query Builder