{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T23:00:25.142","vulnerabilities":[{"cve":{"id":"CVE-2024-35181","sourceIdentifier":"security-advisories@github.com","published":"2024-05-27T19:15:08.620","lastModified":"2025-09-02T20:46:23.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be able to access and modify any data stored in the database, like performance profiles (which may contain session cookies), Meshery application data, or any Kubernetes configuration added to the system. The Meshery project exposes the function `GetMeshSyncResourcesKinds` at the API URL `/api/system/meshsync/resources/kinds`. The order query parameter is directly used to build a SQL query in `meshync_handler.go`. Version 0.7.22 fixes this issue."},{"lang":"es","value":"Meshery es un administrador nativo de la nube de código abierto que permite el diseño y la administración de infraestructura y aplicaciones basadas en Kubernetes. Una vulnerabilidad de inyección SQL en Meshery anterior a la versión 0.7.22 puede provocar la escritura arbitraria de archivos mediante el uso de un payload de consultas apiladas de inyección SQL y el comando ATTACH DATABASE. Además, los atacantes pueden acceder y modificar cualquier dato almacenado en la base de datos, como perfiles de rendimiento (que pueden contener cookies de sesión), datos de la aplicación Meshery o cualquier configuración de Kubernetes agregada al sistema. El proyecto Meshery expone la función `GetMeshSyncResourcesKinds` en la URL de API `/api/system/meshsync/resources/kinds`. El parámetro de consulta de pedido se utiliza directamente para crear una consulta SQL en `meshync_handler.go`. La versión 0.7.22 soluciona este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:*","versionEndExcluding":"0.7.22","matchCriteriaId":"5B71F3B9-5E19-4BEC-8C97-824E77AD2187"}]}]}],"references":[{"url":"https://github.com/meshery/meshery/blob/b331f45c9083d7abf6b90105072b04cd22473de7/server/handlers/meshsync_handler.go#L187","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/meshery/meshery/commit/b55f6064d0c6a965aee38f30281f99da7dc4420c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/meshery/meshery/pull/10207","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/meshery/meshery/pull/10280","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://securitylab.github.com/advisories/GHSL-2024-013_GHSL-2024-014_Meshery/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/meshery/meshery/blob/b331f45c9083d7abf6b90105072b04cd22473de7/server/handlers/meshsync_handler.go#L187","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/meshery/meshery/commit/b55f6064d0c6a965aee38f30281f99da7dc4420c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/meshery/meshery/pull/10207","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/meshery/meshery/pull/10280","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://securitylab.github.com/advisories/GHSL-2024-013_GHSL-2024-014_Meshery/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}