CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-31856

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.835

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/layer5io/meshery/pull/2745
https://meshery.io
https://github.com/layer5io/meshery/pull/2745
https://meshery.io

Products affected by CVE-2021-31856

Layer5 » Meshery » Version: 0.5.2

cpe:2.3:a:layer5:meshery:0.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31856

Products

Pricing

Contact Us