{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T05:56:44.441","vulnerabilities":[{"cve":{"id":"CVE-2024-39909","sourceIdentifier":"security-advisories@github.com","published":"2024-07-12T15:15:11.393","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource `/api/applicationResources` via the following parameter `packageID`. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the `fmt.Sprintf` function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1."},{"lang":"es","value":"KubeClarity es una herramienta para la detección y gestión de listas de materiales de software (SBOM) y vulnerabilidades de imágenes de contenedores y sistemas de archivos. Una inyección SQL booleana/hora está presente en el siguiente recurso `/api/applicationResources` a través del siguiente parámetro `packageID`. Como se puede ver en backend/pkg/database/id_view.go, mientras se construye la consulta SQL, la función `fmt.Sprintf` se utiliza para construir la cadena de consulta sin que la entrada haya sido sometida primero a ninguna validación. Esta vulnerabilidad se solucionó en 2.23.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openclarity/kubeclarity/blob/main/backend/pkg/database/id_view.go#L79","source":"security-advisories@github.com"},{"url":"https://github.com/openclarity/kubeclarity/commit/1d1178840703a72d9082b7fc4aea0a3326c5d294","source":"security-advisories@github.com"},{"url":"https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw","source":"security-advisories@github.com"},{"url":"https://github.com/openclarity/kubeclarity/blob/main/backend/pkg/database/id_view.go#L79","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/openclarity/kubeclarity/commit/1d1178840703a72d9082b7fc4aea0a3326c5d294","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}