Vulnerabilities (CVE)

Filtered by vendor Layer5 Subscribe
Filtered by product Meshery
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46575 1 Layer5 1 Meshery 2024-11-21 N/A 9.8 CRITICAL
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter
CVE-2021-31856 1 Layer5 1 Meshery 2024-11-21 7.5 HIGH 9.8 CRITICAL
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).