CVE-2024-43406: LF Edge eKuiper has a SQL Injection in sqlKvStore

August 20, 2024

A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore.

References

github.com/advisories/GHSA-r5ph-4jxm-6j9p
github.com/lf-edge/ekuiper
github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503
github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p
nvd.nist.gov/vuln/detail/CVE-2024-43406

Detect and mitigate CVE-2024-43406 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →