CVE-2024-29031 | Meshery up to 0.7.16 GetMeshSyncResources order sql injection (GHSL-2023-249)

Posted by Angelo Barbosa | Mar 22, 2024 | CVE

A vulnerability has been found in Meshery up to 0.7.16 and classified as critical. Affected by this vulnerability is the function GetMeshSyncResources. The manipulation of the argument order leads to sql injection.

This vulnerability is known as CVE-2024-29031. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-29031 | Meshery up to 0.7.16 GetMeshSyncResources order sql injection (GHSL-2023-249)

Related Posts

CVE-2024-22226 | Dell Unity up to 5.3 svc_supportassist path traversal (dsa-2024-042)

CVE-2024-0218 | Nozomi Guardian up to 23.4.0 Radius Parser denial of service

CVE-2024-3935 | Eclipse Mosquitto up to 2.0.18 PUBLISH Packet double free (Issue 197)

CVE-2024-44849 | Qualitor up to 8.24 checkAcesso.php unrestricted upload