PT-2023-7385 · Tyk · Tyk Gateway

Published: 2023-11-07 · Updated: 2023-11-14 · CVE-2023-42284

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Tyk Gateway version 5.0.3

Description: The issue stems from a lack of protection against manipulation of SQL query structure in the Tyk Gateway API implementation, which allows a remote attacker to execute arbitrary SQL queries. Specifically, a blind SQL injection in the api version parameter can be exploited, via a crafted SQL query, to access and dump the database.

Recommendations: For Tyk Gateway version 5.0.3, consider restricting access to the api version parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the api version parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: SQL injection

Weakness Enumeration: (not specified)

Related Identifiers:
- BDU:2023-08417
- CVE-2023-42284

Affected Products: Tyk Gateway