
CVE-2024-39909


Date: July 12, 2024

KubeClarity is a tool for detection and management of Software Bills of Materials (SBOM) and vulnerabilities in container images and filesystems. A blind (time-based / boolean-based) SQL injection is present in the resource "/api/applicationResources" via the "packageID" parameter. As can be seen in backend/pkg/database/id_view.go, the SQL query is built by concatenating the request-supplied value into the query string with "fmt.Sprintf", without the input first being validated or bound as a query parameter. Because the endpoint requires a low-privilege authenticated request and the injection is blind, the practical impact is read access to the backend database (confidentiality) rather than data modification. This vulnerability is fixed in 2.23.1.
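The following Go snippet is an added illustration of the bug class described above, not KubeClarity's own code: the table and column names, the `packageID` format check and the sample payload are all assumptions made for the example. It contrasts the `fmt.Sprintf` pattern the advisory names with a placeholder-bound query, and adds an allow-list validation of the identifier as defence in depth.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// samplePayload is a constructed time-based blind injection attempt against a
// single-quoted string parameter (MySQL-style SLEEP). It is example data only.
const samplePayload = "abc' AND SLEEP(5) AND 'x'='x"

// buildUnsafe mirrors the pattern the advisory describes: the caller-controlled
// packageID is spliced into the SQL text with fmt.Sprintf and nothing checks it.
// Table and column names are hypothetical; the real id_view.go differs.
func buildUnsafe(packageID string) string {
	return fmt.Sprintf(
		"SELECT id, resource_name FROM application_resources WHERE package_id = '%s'",
		packageID)
}

// buildSafe keeps the SQL text constant and hands the value back as a bound
// argument. With database/sql or GORM the driver sends it separately from the
// statement, so the value can never be parsed as SQL.
func buildSafe(packageID string) (string, []interface{}) {
	return "SELECT id, resource_name FROM application_resources WHERE package_id = ?",
		[]interface{}{packageID}
}

// packageIDRe is an assumed identifier shape (a 64-char hex digest). Binding is
// the real fix; an allow-list check on top rejects junk before it reaches the DB.
var packageIDRe = regexp.MustCompile(`^[0-9a-f]{64}$`)

func validatePackageID(id string) error {
	if !packageIDRe.MatchString(id) {
		return errors.New("packageID has unexpected format")
	}
	return nil
}

// injected reports whether the payload's SQL keyword ended up in the statement
// text, i.e. whether untrusted data crossed into code.
func injected(sql string) bool {
	return strings.Contains(sql, "SLEEP(")
}

func main() {
	fmt.Println("unsafe:", buildUnsafe(samplePayload))
	q, args := buildSafe(samplePayload)
	fmt.Println("safe:  ", q, args)
	fmt.Println("validate:", validatePackageID(samplePayload))
}
```

Running it shows the unsafe builder emitting a statement that contains `SLEEP(5)`, while the safe builder's statement text is unchanged and the payload travels only in the argument slice; the validation step rejects it outright.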

Language: Go

Severity Score: 6.5 (Medium), the CVSS v3.1 base score computed from the vector listed below

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix


Upgrade Version

Upgrade github.com/openclarity/kubeclarity/backend to v0.0.0-20240711173334-1d1178840703 (the Go module pseudo-version of the fix commit; corresponds to the fixed release KubeClarity 2.23.1).

CVSS v3.1

Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE
