VYPR
Medium severity5.4OSV Advisory· Published Mar 10, 2025· Updated Jun 17, 2026

CVE-2024-52812

CVE-2024-52812

Description

LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim's browser. Version 2.0.8 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/lf-edge/ekuiper/v2Go
< 2.0.82.0.8
github.com/lf-edge/ekuiperGo
<= 1.14.7

Affected products

4

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.