Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2024-02-28 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter | |||||
CVE-2021-31856 | 1 Layer5 | 1 Meshery | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go). |