Lucene search

K
Layer5Meshery

5 matches found

CVE
CVE
added 2021/04/28 6:15 a.m.90 views

CVE-2021-31856

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).

9.8CVSS9.9AI score0.83467EPSS
CVE
CVE
added 2024/05/27 7:15 p.m.85 views

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATT...

5.9CVSS5.9AI score0.00034EPSS
CVE
CVE
added 2024/03/21 11:15 p.m.53 views

CVE-2024-29031

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of GetMeshSyn...

7.5CVSS7.5AI score0.00445EPSS
CVE
CVE
added 2023/11/24 2:15 p.m.34 views

CVE-2023-46575

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter

9.8CVSS9.6AI score0.0069EPSS
CVE
CVE
added 2024/07/24 8:15 p.m.33 views

CVE-2024-36535

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

9.8CVSS7.1AI score0.00194EPSS