Layer5: Security Vulnerabilities
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter
CVSS Score
9.8
EPSS Score
0.007
Published
2023-11-24
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
CVSS Score
9.8
EPSS Score
0.835
Published
2021-04-28