{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61943?format=json","vulnerability_id":"VCID-dw9k-2d5c-rbae","summary":"Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.","aliases":[{"alias":"CVE-2024-24213"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24213","reference_id":"","reference_type":"","scores":[{"value":"0.01212","scoring_system":"epss","scoring_elements":"0.79399","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24213"},{"reference_url":"https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213","reference_id":"CVE-2024-24213","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-19T19:54:51Z/"}],"url":"https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213"},{"reference_url":"https://app.flows.sh:8443/project/default%2C","reference_id":"default%2C","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-19T19:54:51Z/"}],"url":"https://app.flows.sh:8443/project/default%2C"},{"reference_url":"https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer.","reference_id":"explorer.","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-19T19:54:51Z/"}],"url":"https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer."},{"reference_url":"https://reference1.example.com/project/default/logs/explorer%2C","reference_id":"explorer%2C","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-19T19:54:51Z/"}],"url":"https://reference1.example.com/project/default/logs/explorer%2C"},{"reference_url":"https://supabase.com/docs/guides/database/overview#the-sql-editor","reference_id":"overview#the-sql-editor","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-19T19:54:51Z/"}],"url":"https://supabase.com/docs/guides/database/overview#the-sql-editor"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dw9k-2d5c-rbae"}