CVE-2020-13921

CWE-89: SQL Injection
6 documents, 5 sources

Severity: 9.8 CRITICAL
EPSS: 4.5% (top 10.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 5
Latest update: Jul 24

Description

**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | apache_skywalking | Apache SkyWalking 6.5.0, 6.6.0, 7.0.0, 8.0.0, 8.0.1
NVD | apache/skywalking | 5 versions (+4)

🔴 Vulnerability Details (4)

OSV: SQL Injection in Apache SkyWalking (2021-05-07)
GHSA: SQL Injection in Apache SkyWalking (2021-05-07)
CVEList: CVE-2020-13921: **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases (2020-08-05)
OSV: CVE-2020-13921: **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases (2020-08-05)

🔍 Detection Rules (1)

Suricata: ET WEB_SPECIFIC_APPS Apache SkyWalking GraphQL SQL Injection Inbound (CVE-2020-13921) (2021-07-24)