KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource `/api/applicationResources` via the following parameter `packageID`. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the `fmt.Sprintf` function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/openclarity/kubeclarity/backend(Go) | 0 | 0.0.0-20240711173334-1d1178840703 | N/A |
CVSS Metrics
