Apache SkyWalking is vulnerable to SQL injection. The function getLinearIntValues
in H2MetricsQueryDAO.java
appends the user-provided ID parameter to the SQL query StringBuilder without sanitizing it when H2, MySQL or TiDB
is used as storage, allowing an attacker to supply an arbitrary string and construct malicious SQL statements.
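The following is an added illustration of the bug class described above, not code from Apache SkyWalking or from the advisory: it uses an in-memory SQLite table (constructed here as a stand-in for the H2/MySQL/TiDB metrics storage) to contrast the unsafe pattern, in which ID strings are appended straight into the query text, with a parameterized query. The table layout, column names and sample rows are assumptions made for this example, and the injected ID is a generic constructed payload, not one taken from the advisory.

```python
import sqlite3

# Constructed sample data; the schema is a simplified stand-in for a metrics table.
SAMPLE_ROWS = [
    ("service_cpm_202006010000_svc1", 120),
    ("service_cpm_202006010001_svc1", 135),
    ("service_cpm_202006010000_svc2", 999),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE metrics (id TEXT PRIMARY KEY, value INTEGER)")
    conn.executemany("INSERT INTO metrics VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def build_vulnerable_sql(ids):
    """Unsafe pattern: caller-controlled IDs are appended into the SQL text.

    This mirrors the shape of the flaw (string-building the IN list from
    user input); it is not the project's code.
    """
    parts = ["select id, value from metrics where id in ("]
    parts.append(",".join("'" + i + "'" for i in ids))
    parts.append(")")
    return "".join(parts)


def query_vulnerable(conn, ids):
    """Run the string-built query; a crafted ID changes the statement."""
    return conn.execute(build_vulnerable_sql(ids)).fetchall()


def query_safe(conn, ids):
    """Hardened form: one bind placeholder per ID, values passed separately.

    The driver never interprets the ID strings as SQL, so the same payload
    is just an ID that matches nothing.
    """
    placeholders = ",".join("?" for _ in ids)
    sql = "select id, value from metrics where id in (" + placeholders + ")"
    return conn.execute(sql, list(ids)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    legit = ["service_cpm_202006010000_svc1"]
    # Constructed payload: closes the IN list and appends an always-true clause.
    payload = ["x') or ('1'='1"]

    print("legit, vulnerable:", query_vulnerable(conn, legit))
    print("legit, safe:      ", query_safe(conn, legit))
    print("built SQL:        ", build_vulnerable_sql(payload))
    print("payload, vulnerable rows:", len(query_vulnerable(conn, payload)))
    print("payload, safe rows:      ", len(query_safe(conn, payload)))
```

With the legitimate ID both variants return the single matching row; with the crafted ID the string-built query returns every row in the table, while the parameterized query returns none. The same contrast applies to H2, MySQL and TiDB through JDBC: the fix is to bind the ID values with PreparedStatement parameters rather than concatenating them into the StringBuilder.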
| CPE | Name | Operator | Version |
|---|---|---|---|
| | storage-jdbc-hikaricp-plugin | eq | 7.0.0 |
| | storage-jdbc-hikaricp-plugin | le | 6.6.0 |