Andrew Van Fleteren

**Name of the Vulnerable Software and Affected Versions** Anchore Enterprise versions prior to 5.25.1 **Description** Anchore Enterprise is affected by an SQL injection issue in the GraphQL Reports API. An authenticated attacker with access to the GraphQL API can execute arbitrary SQL instructions, potentially modifying data within the Anchore Enterprise database. The vulnerable API endpoint is the GraphQL Reports API. **Recommendations** Update Anchore Enterprise to version 5.25.1 or later.