CVE-2022-4860

KBase Metrics methods_upload_user_stats.py upload_user_data sql injection

CVSS 5.5 MEDIUMEPSS 0.6%CWE-89

A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Productos afectados

KBase · Metrics

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/kbase/metrics/commit/959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d https://github.com/kbase/metrics/pull/77 https://vuldb.com/?ctiid.217059 https://vuldb.com/?id.217059