CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score: 7.8 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 10.4%)

Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the order query parameter in the GetMeshSyncResourcesKinds function, allowing for SQL injection through stacked queries and the ATTACH DATABASE command.
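
One way to close this class of bug, shown as an added example that is not Meshery's code or its actual fix: the order value is mapped through an allow-list to a fixed ORDER BY fragment instead of being placed into the SQL text. The column names, `SafeOrderClause` and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// allowedOrderColumns is a hypothetical allow-list; the column names are
// assumptions for this example, not taken from Meshery's schema.
var allowedOrderColumns = map[string]string{
	"kind":       "kind",
	"created_at": "created_at",
}

var errBadOrder = errors.New("invalid order parameter")

// SafeOrderClause turns a user-supplied "column [asc|desc]" value into an
// ORDER BY fragment built only from constants; the input is never echoed back.
func SafeOrderClause(order string) (string, error) {
	fields := strings.Fields(order)
	if len(fields) == 0 || len(fields) > 2 {
		return "", errBadOrder
	}
	col, ok := allowedOrderColumns[strings.ToLower(fields[0])]
	if !ok {
		return "", errBadOrder
	}
	dir := "ASC"
	if len(fields) == 2 {
		switch strings.ToLower(fields[1]) {
		case "asc":
		case "desc":
			dir = "DESC"
		default:
			return "", errBadOrder
		}
	}
	return col + " " + dir, nil
}

func main() {
	// Constructed sample inputs: two valid values and two that carry extra SQL.
	for _, in := range []string{"kind", "created_at desc", "kind; SELECT 1", "kind asc, (SELECT 1)"} {
		clause, err := SafeOrderClause(in)
		fmt.Printf("%q -> %q, err=%v\n", in, clause, err)
	}
}
```

A rejected value should produce a client error rather than a fallback to the raw string, so that a stacked statement never reaches the database driver.
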
CPE | Name | Operator | Version |
---|---|---|---|
github.com/layer5io/meshery | le | v0.7.21 | |
github.com/meshery/meshery/blob/b331f45c9083d7abf6b90105072b04cd22473de7/server/handlers/meshsync_handler.go#L187
github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13
github.com/meshery/meshery/commit/b55f6064d0c6a965aee38f30281f99da7dc4420c
github.com/meshery/meshery/pull/10207
github.com/meshery/meshery/pull/10280
securitylab.github.com/advisories/GHSL-2024-013_GHSL-2024-014_Meshery