← Back to CVE List

CVE-2024-39909

Published: 2024-07-12T15:15Z
Last Modified: 2024-11-21T09:28Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource `/api/applicationResources` via the following parameter `packageID`. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the `fmt.Sprintf` function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt