CVE-2023-46575: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

November 24, 2023

A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.

References

github.com/advisories/GHSA-9jjc-grg5-67gj
github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f
github.com/meshery/meshery/compare/v0.6.178...v0.6.179
github.com/meshery/meshery/pull/9372
meshery.io/
nvd.nist.gov/vuln/detail/CVE-2023-46575

Code Behaviors & Features

Detect and mitigate CVE-2023-46575 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →