### [CVE-2024-49588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49588)

![](https://img.shields.io/static/v1?label=Product&message=com.palantir.srx.prometheus.sls-oracle-sidecar%3Asls-oracle-sidecar&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=*%3C%200.544.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20product%20constructs%20all%20or%20part%20of%20an%20SQL%20command%20using%20externally-influenced%20input%20from%20an%20upstream%20component%2C%20but%20it%20does%20not%20neutralize%20or%20incorrectly%20neutralizes%20special%20elements%20that%20could%20modify%20the%20intended%20SQL%20command%20when%20it%20is%20sent%20to%20a%20downstream%20component.&color=brighgreen)

### Description

Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injection.

### POC

#### Reference

- https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c

#### Github

No PoCs found on GitHub currently.