High severityNVD Advisory· Published Aug 20, 2024· Updated Aug 20, 2024

LF Edge eKuiper has a SQL Injection in sqlKvStore

CVE-2024-43406

Description

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/lf-edge/ekuiperGo	< 1.14.2	1.14.2
ekuiperPyPI	< 1.14.2	1.14.2

Affected products

ghsa-coords2 versions
pkg:golang/github.com/lf-edge/ekuiper pkg:pypi/ekuiper
< 1.14.2+ 1 more
- (no CPE)range: < 1.14.2
- (no CPE)range: < 1.14.2
Lf Edge/Ekuipercpe-rescue
Range: < 1.14.2

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-r5ph-4jxm-6j9pghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-43406ghsaADVISORY
github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503ghsax_refsource_MISCWEB
github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9pghsax_refsource_CONFIRMWEB
github.com/pypa/advisory-database/tree/main/vulns/ekuiper/PYSEC-2024-72.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000