Medium severity5.4OSV Advisory· Published Mar 10, 2025· Updated Apr 15, 2026
CVE-2024-52812
CVE-2024-52812
Description
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim's browser. Version 2.0.8 fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/lf-edge/ekuiper/v2Go | < 2.0.8 | 2.0.8 |
github.com/lf-edge/ekuiperGo | <= 1.14.7 | — |
Affected products
1Patches
1f204a79b182fVulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
11- github.com/advisories/GHSA-6hrw-x7pr-4mp8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-52812ghsaADVISORY
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/releases/tag/v2.0.8nvdWEB
- github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8nvdWEB
- pkg.go.dev/vuln/GO-2025-3508ghsaWEB
News mentions
0No linked articles in our index yet.