github.com/layer5io_meshery vulnerabilities
4 known vulnerabilities affecting github.com/layer5io_meshery.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2024-35181 | P3 | MEDIUM | ≥ 0, < 0.7.22 | 2024-08-05
CVE-2024-35181 [MEDIUM] CWE-89 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be able to access and modify any data stored in
ghsa, osv
CVE-2024-35182 | P3 | MEDIUM | ≥ 0, < 0.7.22 | 2024-08-05
CVE-2024-35182 [MEDIUM] CWE-89 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be able to access and modify any data stored in
ghsa, osv
CVE-2023-46575 | P3 | CRITICAL | ≥ 0, < 0.6.179 | 2023-11-24
CVE-2023-46575 [CRITICAL] CWE-89 SQL injection vulnerability in Meshery
A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.
ghsa, osv
CVE-2024-29031 | P3 | HIGH | ≥ 0, < 0.7.17 | 2024-08-05
CVE-2024-29031 [HIGH] CWE-89 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.
ghsa, osv