Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ekuiper@1.11.3

Type pypi

Namespace

Name ekuiper

Version 1.11.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.14.2

Latest_non_vulnerable_version 1.14.2

Affected_by_vulnerabilities

url VCID-au3z-hew1-6ydj

vulnerability_id VCID-au3z-hew1-6ydj

summary LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.

references

reference_url

https://github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503

reference_url

https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p

fixed_packages

url	pkg:pypi/ekuiper@1.14.2
purl	pkg:pypi/ekuiper@1.14.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ekuiper@1.14.2

aliases CVE-2024-43406, GHSA-r5ph-4jxm-6j9p, PYSEC-2024-72

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-au3z-hew1-6ydj

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ekuiper@1.11.3

Package Instance