Tyk Security Vulnerabilities and Issues — Tyk CVE List

Lucene search

TykTyk

3 matches found

CVE•added 2023/11/07 8:15 a.m.•40 views

CVE-2023-42283

Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.

9.8CVSS9.6AI score0.05313EPSS

Web

CVE•added 2023/11/07 8:15 a.m.•28 views

CVE-2023-42284

Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.

9.8CVSS9.6AI score0.04648EPSS

CVE•added 2021/03/15 5:15 p.m.•26 views

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value ...

5.3CVSS4.6AI score0.00047EPSS