CVE-2024-24213
Severity CVSS v4.0: Pending analysis
Type: CWE-89 SQL Injection
Publication date: 08/02/2024
Last modified: 21/08/2024
Description
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.
Impact
Base Score 3.x: 9.80
Severity 3.x: CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:supabase:postgres:15.1:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://app.flows.sh:8443/project/default%2C
- https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213
- https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer.
- https://reference1.example.com/project/default/logs/explorer%2C
- https://supabase.com/docs/guides/database/overview#the-sql-editor