LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction
Summary: Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper#3911. The issues allow attacker-controlled input (rule names, schema versions, plugin names, uploaded file names, and ZIP entries) to influence fil...
GHSA-RJ4J-2JPH-GG43 LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction
Summary: Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper#3911. The issues allow attacker-controlled input (rule names, schema versions, plugin names, uploaded file names, and ZIP entries) to influence fil...
Stored Cross-site Scripting (XSS)
github.com/lf-edge/ekuiper is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input validation in the rule id parameter, allowing an attacker with modification rights to inject a malicious payload that executes in the victim's browser when the rule is modified...
LF Edge eKuiper allows Stored XSS in Rules Functionality
Summary: A Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...
LF Edge eKuiper Security Vulnerability
LF Edge eKuiper is open-source, lightweight IoT data analytics software for the edge from LF Edge. A security vulnerability exists in LF Edge eKuiper versions prior to 1.14.2: a user can leverage SQL injection to execute malicious SQL queries via the Get method in sqlKvStore...