Published: 05/08/2020 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache skywalking 7.0.0
apache skywalking 6.5.0
apache skywalking 6.6.0
apache skywalking 8.0.0
apache skywalking 8.0.1

oss-sec mailing list archives   By Date By Thread </form>    [CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activated <!--X-Subject-Hea ...

Skywalking远程代码执行漏洞验证

SkywalkingRCE-vul Skywalking远程代码执行漏洞，为CVE-2020-9483、CVE-2020-13921修复不完善遗留注入点，可被进一步了利用执行代码。漏洞地址： githubcom/apache/skywalking/pull/6246/files mpweixinqqcom/s/hB-r523_4cM0jZMBOt6Vhw 环境 Skywalking测试环境JDK18，恶意类为JDK17编译。

CWE-89 https://github.com/apache/skywalking/pull/4970 http://www.openwall.com/lists/oss-security/2020/08/05/3 https://lists.apache.org/thread.html/r6f3a934ebc54585d8468151a494c1919dc1ee2cccaf237ec434dbbd6%40%3Cdev.skywalking.apache.org%3E https://nvd.nist.gov https://github.com/Veraxy00/SkywalkingRCE-vul http://seclists.org/oss-sec/2020/q3/82

CVE-2020-13921

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect