Go modules package
github.com/lf-edge/ekuiper/v2
pkg:golang/github.com/lf-edge/ekuiper/v2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54379 | — | < 2.2.1 | 2.2.1 | Jul 24, 2025 | LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauth | ||
| CVE-2024-52290 | — | < 2.1.0 | 2.1.0 | May 14, 2025 | LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`con | ||
| CVE-2024-52812 | Med | 5.4 | < 2.0.8 | 2.0.8 | Mar 10, 2025 | LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to |
- CVE-2025-54379Jul 24, 2025affected < 2.2.1fixed 2.2.1
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauth
- CVE-2024-52290May 14, 2025affected < 2.1.0fixed 2.1.0
LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`con
- affected < 2.0.8fixed 2.0.8
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to