oss-sec mailing list archives

[CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activated.


From: Sheng Wu <wusheng () apache org>
Date: Wed, 5 Aug 2020 20:59:26 +0800

[CVEID]:CVE-2020-13921
[PRODUCT]:Apache SkyWalking
[VERSION]:Apache SkyWalking 6.5.0, 6.6.0, 7.0.0, 8.0.0, 8.0.1
[PROBLEMTYPE]:SQL Injection
[REFERENCES]:https://github.com/apache/skywalking/pull/4970
[DESCRIPTION]:**Resolved** Only when using H2/MySQL/TiDB as Apache
SkyWalking storage, there is a SQL injection vulnerability in the wildcard
query cases.
[ASSIGNINGCNA]: Apache Software Foundation

Sheng Wu 吴晟
Twitter, wusheng1108
