Sanjana-Sarda

**Name of the Vulnerable Software and Affected Versions** FlyteAdmin versions prior to 1.1.124 **Description** The issue concerns a SQL vulnerability in list endpoints on FlyteAdmin, where a malicious user can send a REST request with custom SQL statements as list filters. This requires the attacker to have access to the FlyteAdmin installation, typically behind a VPN or authentication. **Recommendations** For versions prior to 1.1.124, update to version 1.1.124 or later to resolve the issue. As a temporary workaround, consider restricting access to list endpoints on FlyteAdmin to minimize the risk of exploitation. Restrict access to the FlyteAdmin installation, ensuring it is only accessible behind a VPN or with proper authentication.