PT-2024-22684 · Meshery · Meshery

Tony Torralba · Published 2024-03-21 · Updated 2025-09-02 · CVE-2024-29031

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Meshery versions prior to 0.7.17

Description

A SQL injection issue allows a remote attacker to obtain sensitive information via the order parameter of GetMeshSyncResources. This affects Meshery's ability to manage Kubernetes-based infrastructure and applications securely.

Recommendations

For versions prior to 0.7.17, update to version 0.7.17 to resolve the issue. As a temporary workaround, consider restricting access to the GetMeshSyncResources function or avoiding the use of the order parameter until the update is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-29031
GHSA-652R-Q29P-M25H
GO-2024-3045

Affected Products

Meshery