Medium severity5.4OSV Advisory· Published Mar 10, 2025· Updated Jun 17, 2026
CVE-2024-52812
CVE-2024-52812
Description
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim's browser. Version 2.0.8 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/lf-edge/ekuiper/v2Go | < 2.0.8 | 2.0.8 |
github.com/lf-edge/ekuiperGo | <= 1.14.7 | — |
Affected products
4- ghsa-coords3 versionspkg:golang/github.com/lf-edge/ekuiperpkg:golang/github.com/lf-edge/ekuiper/v2pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
<= 1.14.7+ 2 more
- (no CPE)range: <= 1.14.7
- (no CPE)range: < 2.0.8
- (no CPE)range: < 0.0.20250313T170021-1.1
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-6hrw-x7pr-4mp8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-52812ghsaADVISORY
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.gonvdWEB
- github.com/lf-edge/ekuiper/releases/tag/v2.0.8nvdWEB
- github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8nvdWEB
- pkg.go.dev/vuln/GO-2025-3508ghsaWEB
News mentions
0No linked articles in our index yet.