Lucene search

Veracode Vulnerability DatabaseVERACODE:46013

HistoryMar 26, 2024 - 12:19 p.m.

SQL Injection

2024-03-2612:19:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sql injection

github vulnerability

input validation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

Low

EPSS

Percentile

15.5%

JSON

github.com/layer5io/meshery is vulnerable to a SQL injection. The vulnerability is due to improper input validation in GetMeshSyncResources function within meshsync_handler.go. This flow allows a remote attacker to obtain sensitive information via the order parameter.

References

github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13

github.com/meshery/meshery/pull/10207

securitylab.github.com/advisories/GHSL-2023-249_Meshery/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46013