RCE through SQL Injection Vulnerability in HashiCorp's Vault
HashiCorp's Vault is a secure, open-source secrets management tool that stores and provides access to sensitive information like API keys, passwords, and certificates. The Oxeye AppSec platform automatically found a vulnerability in HashiCorp's Vault project without any manual input. Under certain conditions, the vulnerability allows attackers to execute code remotely on the target system through an SQL injection attack.