CVE-2024-43406: LF Edge eKuiper has a SQL Injection in sqlKvStore
A user could exploit a SQL injection to execute a malicious SQL query via the Get method in sqlKvStore.
References
- github.com/advisories/GHSA-r5ph-4jxm-6j9p
- github.com/lf-edge/ekuiper
- github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503
- github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p
- github.com/pypa/advisory-database/tree/main/vulns/ekuiper/PYSEC-2024-72.yaml
- nvd.nist.gov/vuln/detail/CVE-2024-43406