CVE-2024-39909: SQL Injection in the KubeClarity REST API
A time-based and boolean-based SQL injection is present in the `/api/applicationResources` resource via the `packageID` parameter.
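As an added illustration of the bug class described above (not KubeClarity's own code, and not the actual patched routine in id_view.go), the following Go shows a query builder that splices a caller-controlled packageID into SQL text next to a hardened builder that binds it as a parameter and allow-lists its shape; the table and column names, the regular expression and the sample values are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Illustrative example only; not KubeClarity's code. The assumed handler sits
// behind /api/applicationResources and receives packageID from the request.

// buildQueryUnsafe shows the anti-pattern: packageID is concatenated into the
// statement, so any quote or comment sequence inside it is parsed as SQL and can
// change what the statement does (a boolean or time-based probe works this way).
func buildQueryUnsafe(packageID string) string {
	return "SELECT id, name FROM application_resources WHERE package_id = '" + packageID + "'"
}

// validID is a constructed allow-list: identifiers are assumed to be short
// strings of letters, digits and dashes. Anything else is rejected up front.
var validID = regexp.MustCompile(`^[A-Za-z0-9-]{1,64}$`)

// buildQuerySafe returns a parameterized statement plus the argument to bind.
// The placeholder keeps the value out of the SQL grammar entirely; the
// allow-list check is defence in depth so malformed IDs never reach the DB.
func buildQuerySafe(packageID string) (string, []any, error) {
	if !validID.MatchString(packageID) {
		return "", nil, errors.New("packageID: not a valid identifier")
	}
	return "SELECT id, name FROM application_resources WHERE package_id = ?", []any{packageID}, nil
}

func main() {
	// Constructed sample inputs: a well-formed ID and one carrying SQL metacharacters.
	for _, id := range []string{"pkg-7f3a", "x' OR 1=1 --"} {
		fmt.Printf("unsafe: %s\n", buildQueryUnsafe(id))
		q, args, err := buildQuerySafe(id)
		if err != nil {
			fmt.Printf("safe:   rejected %q: %v\n", id, err)
			continue
		}
		fmt.Printf("safe:   %s  args=%v\n", q, args)
	}
}
```

The unsafe builder emits the metacharacters verbatim into the statement, while the safe builder either binds the value or refuses it before any query is issued.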
References
- github.com/advisories/GHSA-5248-h45p-9pgw
- github.com/openclarity/kubeclarity
- github.com/openclarity/kubeclarity/blob/main/backend/pkg/database/id_view.go
- github.com/openclarity/kubeclarity/commit/1d1178840703a72d9082b7fc4aea0a3326c5d294
- github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw
- nvd.nist.gov/vuln/detail/CVE-2024-39909