com.yahoo.elide:elide-datastore-aggregation is vulnerable to SQL Injection attacks. A specifically crafted query statement through a parameterized TEXT
column allows a malicious user to inject and execute arbitrary SQL queries via the ValueType
enum.
CPE | Name | Operator | Version |
---|---|---|---|
elide data store: aggregation data store | eq | 6.1.3 | |
elide data store: aggregation data store | eq | 6.1.3 |