Skip to main content

Skywalking

2 CVEs product

Monthly

CVE-2020-13921 LIB CRITICAL PATCH Act Now

**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Skywalking
NVD GitHub
CVSS 3.1
9.8
EPSS
33.5%
CVE-2020-9483 HIGH POC THREAT This Week

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Skywalking
NVD GitHub
CVSS 3.1
7.5
EPSS
34.6%
EPSS 33% CVSS 9.8
CRITICAL PATCH Act Now

**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Skywalking
NVD GitHub
EPSS 35% CVSS 7.5
HIGH POC THREAT This Week

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Skywalking
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy