Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Anchore Enterprise GraphQL Reports API SQL injection
Vulnerability Description
Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Anchore Enterprise SQL注入漏洞
Vulnerability Description
Anchore Enterprise是美国Anchore公司的一款容器镜像安全分析与合规管理的平台。 Anchore Enterprise 5.25.1之前版本存在SQL注入漏洞,该漏洞源于GraphQL Reports API存在SQL注入,可能导致数据库数据被修改。
CVSS Information
N/A
Vulnerability Type
N/A