Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection in the KubeClarity REST API
Vulnerability Description
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource `/api/applicationResources` via the following parameter `packageID`. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the `fmt.Sprintf` function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
KubeClarity 安全漏洞
Vulnerability Description
KubeClarity是OpenClarity开源的一个用于检测和管理软件物料清单(SBOM)以及容器映像和文件系统漏洞的工具。 KubeClarity 2.23.1之前版本存在安全漏洞,该漏洞源于KubeClarity REST API中存在SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A