Vulnerability Report: GO-2025-3508
- CVE-2024-52812, GHSA-6hrw-x7pr-4mp8
- Affects: github.com/lf-edge/ekuiper, github.com/lf-edge/ekuiper/v2
- Published: Mar 13, 2025
- Unreviewed
LF Edge eKuiper allows Stored XSS in Rules Functionality in github.com/lf-edge/ekuiper
For detailed information about this vulnerability, visit https://github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8 or https://nvd.nist.gov/vuln/detail/CVE-2024-52812.
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
-
before v2.0.8
Aliases
References
- https://github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8
- https://nvd.nist.gov/vuln/detail/CVE-2024-52812
- https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681
- https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L716
- https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L735
- https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L794
- https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L809
- https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L824
- https://github.com/lf-edge/ekuiper/releases/tag/v2.0.8
- https://vuln.go.dev/ID/GO-2025-3508.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.