Layer5 Meshery vulnerabilities
6 known vulnerabilities affecting layer5/meshery.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL: 3, HIGH: 3
Vulnerabilities
CVE-2021-31856 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v0.5.2 | 2021-04-28
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
nvd
CVE-2024-35181 | P3 | HIGH | CVSS 8.1 | CWE-89 | fixed in 0.7.22 | 2024-05-27
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be ab
nvd
CVE-2024-35182 | P3 | HIGH | CVSS 8.1 | CWE-89 | fixed in 0.7.22 | 2024-05-27
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be ab
nvd
CVE-2023-46575 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 0.6.179 | 2023-11-24
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter
nvd
CVE-2024-36535 | P3 | CRITICAL | CVSS 9.8 | CWE-284 | v0.7.51 | 2024-07-24
Insecure permissions in Meshery v0.7.51 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
nvd
CVE-2024-29031 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 0.7.17 | 2024-03-21
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for thi
nvd