CVE-2023-52251

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-52251

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52251.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-52251

Published

2024-01-25T21:15:08.787Z

Modified

2025-11-15T07:05:19.225458Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.

References

Affected packages

Git / github.com/provectus/kafka-ui

Affected ranges

Type: GIT
Repo: https://github.com/provectus/kafka-ui
Events: Introduced

521ba0cb2f63110eb2ed13a7054a4d70238a862a

Last affected

56fa824510d8a35b08e3b42bf6625c846e2ed5a0

Affected versions

charts/kafka-ui-0.*

charts/kafka-ui-0.4.4

charts/kafka-ui-0.4.5

charts/kafka-ui-0.4.6

charts/kafka-ui-0.5.0

charts/kafka-ui-0.5.1

charts/kafka-ui-0.5.2

charts/kafka-ui-0.5.3

charts/kafka-ui-0.5.4

charts/kafka-ui-0.6.0

charts/kafka-ui-0.6.1

charts/kafka-ui-0.6.2

v0.*

v0.4.0

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.7.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52251.json"