Vulnerabilities > TYK > TYK

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-42283 SQL Injection vulnerability in TYK 5.0.3
Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
network
low complexity
tyk CWE-89
critical
 9.8
9.8
2023-11-07 CVE-2023-42284 SQL Injection vulnerability in TYK 5.0.3
Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
network
low complexity
tyk CWE-89
critical
 9.8
9.8
2021-03-15 CVE-2021-23357 Path Traversal vulnerability in TYK
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function.
local
low complexity
tyk CWE-22
4.6
4.6