Go modules package
github.com/lf-edge/ekuiper
pkg:golang/github.com/lf-edge/ekuiper
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54379 | — | <= 1.14.7 | — | Jul 24, 2025 | LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauth | ||
| CVE-2024-52290 | — | <= 1.14.7 | — | May 14, 2025 | LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`con | ||
| CVE-2024-52812 | Med | 5.4 | <= 1.14.7 | — | Mar 10, 2025 | LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to | |
| CVE-2024-43406 | — | < 1.14.2 | 1.14.2 | Aug 20, 2024 | LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in |
- CVE-2025-54379Jul 24, 2025affected <= 1.14.7
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauth
- CVE-2024-52290May 14, 2025affected <= 1.14.7
LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`con
- affected <= 1.14.7
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to
- CVE-2024-43406Aug 20, 2024affected < 1.14.2fixed 1.14.2
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in