CVE-2023-46575

CRITICAL EPSS 66.3%
Published Nov 24, 20232y ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Nov 24, 2023 2y ago
Last Modified Jun 17, 2026 1w ago

Description

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
66.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 1

VendorProductVersionRange
layer5meshery* <0.6.179

References 4

  • github.com https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f
    Patch
  • github.com https://github.com/meshery/meshery/compare/v0.6.178...v0.6.179
    Patch
  • github.com https://github.com/meshery/meshery/pull/9372
    Issue Tracking
  • meshery.io https://meshery.io
    Product

Remediation

  • github.com https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f
    Patch
  • github.com https://github.com/meshery/meshery/compare/v0.6.178...v0.6.179
    Patch