CVE-2023-46575

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter
Configurations

Configuration 1 (hide)

cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:*

History

08 Dec 2023, 03:15

Type Values Removed Values Added
Summary A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter. A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter

30 Nov 2023, 05:05

Type Values Removed Values Added
References () https://meshery.io - () https://meshery.io - Product
References () https://github.com/meshery/meshery/compare/v0.6.178...v0.6.179 - () https://github.com/meshery/meshery/compare/v0.6.178...v0.6.179 - Patch
References () https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f - () https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f - Patch
References () https://github.com/meshery/meshery/pull/9372 - () https://github.com/meshery/meshery/pull/9372 - Issue Tracking
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Layer5 meshery
Layer5
CPE cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:*
CWE CWE-89

24 Nov 2023, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-24 14:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-46575

Mitre link : CVE-2023-46575

CVE.ORG link : CVE-2023-46575


JSON object : View

Products Affected

layer5

  • meshery
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')