CVE-2024-52812: LF Edge eKuiper allows Stored XSS in Rules Functionality
(updated )
Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users’ browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware, impacting user data privacy and application integrity.
References
- github.com/advisories/GHSA-6hrw-x7pr-4mp8
- github.com/lf-edge/ekuiper
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go
- github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go
- github.com/lf-edge/ekuiper/releases/tag/v2.0.8
- github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8
- nvd.nist.gov/vuln/detail/CVE-2024-52812
- pkg.go.dev/vuln/GO-2025-3508
Code Behaviors & Features
Detect and mitigate CVE-2024-52812 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →