Vulnerabilities > Layer5

DATE CVE VULNERABILITY TITLE RISK
2023-11-24 CVE-2023-46575 SQL Injection vulnerability in Layer5 Meshery
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter
network
low complexity
layer5 CWE-89
critical
9.8
2021-04-28 CVE-2021-31856 SQL Injection vulnerability in Layer5 Meshery 0.5.2
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
network
low complexity
layer5 CWE-89
7.5