CVE-2020-9483
N/A
N/A
Summary
Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Apache SkyWalking | Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 | affected |
Weaknesses
- SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.