Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Databroker 0.6.1 PublishValue missing data_point panic
Vulnerability Description
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional data_point field in PublishValueRequest. When a request contains a valid signal_id but omits data_point, the server directly calls unwrap() on request.data_point, triggering a panic in the Tokio worker thread. This issue can be triggered by any client holding a valid JWT token. Unauthenticated or invalid-token requests are rejected and do not reach the vulnerable path. The panic causes the individual gRPC call to be cancelled but does not terminate the Databroker process, which remains available for subsequent requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
Eclipse kuksa 输入验证错误漏洞
Vulnerability Description
Eclipse kuksa是美国Eclipse基金会的一个车辆数据服务平台。 Eclipse kuksa 0.6.1版本存在输入验证错误漏洞,该漏洞源于kuksa.val.v2.VAL/PublishValue gRPC处理程序未能验证PublishValueRequest中可选data_point字段的存在,当持有有效JWT令牌的客户端发送包含有效signal_id但缺少data_point的请求时,服务器直接调用unwrap(),导致Tokio工作线程崩溃。
CVSS Information
N/A
Vulnerability Type
N/A