CVE-2024-43406

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lfedge:ekuiper:*:*:*:*:*:*:*:*

History

26 Aug 2024, 18:30

Type Values Removed Values Added
First Time Lfedge
Lfedge ekuiper
CPE cpe:2.3:a:lfedge:ekuiper:*:*:*:*:*:*:*:*
Summary
  • (es) LF Edge eKuiper es un motor liviano de procesamiento de flujo y análisis de datos de IoT que se ejecuta en dispositivos de borde con limitaciones de recursos. Un usuario podría utilizar y explotar la inyección SQL para permitir la ejecución de consultas SQL maliciosas a través del método Get en sqlKvStore. Esta vulnerabilidad se solucionó en 1.14.2.
References () https://github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503 - () https://github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503 - Patch
References () https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p - () https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p - Exploit, Vendor Advisory

20 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-20 15:15

Updated : 2024-08-26 18:30


NVD link : CVE-2024-43406

Mitre link : CVE-2024-43406

CVE.ORG link : CVE-2024-43406


JSON object : View

Products Affected

lfedge

  • ekuiper
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')