oss-sec mailing list archives
[CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activated.
From: Sheng Wu <wusheng () apache org>
Date: Wed, 5 Aug 2020 20:59:26 +0800
[CVEID]: CVE-2020-13921
[PRODUCT]: Apache SkyWalking
[VERSION]: Apache SkyWalking 6.5.0, 6.6.0, 7.0.0, 8.0.0, 8.0.1
[PROBLEMTYPE]: SQL Injection
[REFERENCES]: https://github.com/apache/skywalking/pull/4970
[DESCRIPTION]: **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.
[ASSIGNINGCNA]: Apache Software Foundation

Sheng Wu 吴晟
Twitter, wusheng1108
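The bug class named in the advisory, shown as an added example that is not SkyWalking's code and not the patch in the referenced pull request. It assumes the wildcard query is a SQL `LIKE` match and uses Python's `sqlite3` in place of H2/MySQL/TiDB; the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE service_inventory (name TEXT, is_internal INTEGER)")
    db.executemany(
        "INSERT INTO service_inventory VALUES (?, ?)",
        [("order-service", 0), ("order_api", 0),
         ("payment-service", 0), ("audit-internal", 1)],
    )
    return db

def search_concat(db, keyword):
    # Flawed form: the keyword is spliced into the statement text, so a
    # quote in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM service_inventory WHERE is_internal = 0 "
           "AND name LIKE '%" + keyword + "%' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def escape_like(keyword, esc="\\"):
    # Neutralise LIKE metacharacters so the keyword matches literally.
    return (keyword.replace(esc, esc + esc)
                   .replace("%", esc + "%")
                   .replace("_", esc + "_"))

def search_bound(db, keyword):
    # Hardened form: statement text is constant; the whole pattern,
    # including the surrounding % wildcards, travels as a bound parameter.
    sql = ("SELECT name FROM service_inventory WHERE is_internal = 0 "
           "AND name LIKE ? ESCAPE '\\' ORDER BY name")
    return [row[0] for row in db.execute(sql, ("%" + escape_like(keyword) + "%",))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR name LIKE '"  # constructed test input
    for kw in ("order", "_", crafted):
        print(repr(kw), search_concat(db, kw), search_bound(db, kw))
```

Binding alone stops the keyword from altering the statement; the `ESCAPE` step additionally keeps `%` and `_` in user input from widening the match.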