CVE-2020-13921

9.8CRITICAL

Key Information:

Vendor
Apache
Status
Apache Skywalking
Vendor
CVE Published:
5 August 2020

Summary

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.

Affected Version(s)

Apache SkyWalking Apache SkyWalking 6.5.0, 6.6.0, 7.0.0, 8.0.0, 8.0.1

References

https://github.com/apache/skywalking/pull/4970
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2020/08/05/3
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6f3a934ebc54585d846...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.