Lucene search
ApacheCVELIST:CVE-2020-9483HistoryJun 30, 2020 - 2:28 p.m.
CVE-2020-9483
2020-06-3014:28:35
apache
www.cve.org
0.051 Low
EPSS
Percentile
93.0%
Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don’t use the appropriate way to set SQL parameters.
CNA Affected
[
{
"product": "Apache SkyWalking",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0"
}
]
}
]References
Related
prion
prion
Sql injection
2020-06-30 15:15:00
nuclei
nuclei
SkyWalking SQLI
2021-03-21 04:54:00
osv
osv
CVE-2020-9483
2020-06-30 15:15:10
nvd
nvd
CVE-2020-9483
2020-06-30 15:15:10
checkpoint_advisories
checkpoint_advisories
Apache SkyWalking Storage SQL Injection (CVE-2020-9483)
2020-12-28 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Apache Skywalking
2021-07-19 06:50:17
Exploit for SQL Injection in Apache Skywalking
2021-01-06 13:22:32
veracode
veracode
SQL Injection
2020-07-01 03:09:27
cve
cve
CVE-2020-9483
2020-06-30 15:15:10