CVE-2024-29031 HIGH

CVE-2024-29031: Meshery SQL Injection vulnerability

Vendor Meshery

Product meshery

Weakness CWE-89 · SQLi

Published March 21, 2024

Last update August 13, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.

Key dates

02Disclosure timeline

March 21, 2024 CVE published

August 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-29031

Related vulnerabilities

04Related CVE

CVE-2024-1009 SourceCodester Employee Management System login.php sql injection CVE-2023-6310 SourceCodester Loan Management System deleteBorrower.php delete_borrower sql injection CVE-2025-7172 code-projects Crime Reporting System headlogin.php sql injection CVE-2023-4180 SourceCodester Free Hospital Management System for Small Practices login.php sql injection CVE-2025-5216 PHPGurukul Student Record System login.php sql injection