Home

Description

Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.

PUBLISHED Reserved 2024-10-16 | Published 2024-11-21 | Updated 2024-11-27 | Assigner Palantir




MEDIUM: 6.8CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U

Problem types

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Product status

* (semver) before 0.544.0
affected

0.347.0 (semver) before *
affected

References

palantir.safebase.us/...b5724367-8b86-436a-8ef2-4480ec41cc2c

cwe.mitre.org/data/definitions/89.html

cve.org (CVE-2024-49588)

nvd.nist.gov (CVE-2024-49588)

Download JSON