84 matches found
CVE-2022-36127 Service unavailability impact in NodeJS agent(version <= 0.5.0)
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
CVE-2022-36127 Service unavailability impact in NodeJS agent(version <= 0.5.0)
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
Apache SkyWalking 安全漏洞
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...
PT-2022-23214
Name of the Vulnerable Software and Affected Versions Apache SkyWalking NodeJS Agent versions prior to 0.5.1 Description The issue causes NodeJS services with the Apache SkyWalking NodeJS Agent installed to become unavailable when the OAP is unhealthy and the NodeJS agent cannot establish a...
Exploit for SQL Injection in Apache Skywalking
CVE-2020-9483 PoC of SQL Injection vulCVE-2020-9483,Apache...
GHSA-GRPF-GG7V-5G5H SQL Injection in Apache SkyWalking
Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
SQL Injection in Apache SkyWalking
Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
Apache SkyWalking Storage SQL Injection (CVE-2020-9483)
An SQL injection vulnerability exists in Apache SkyWalking H2 storage implementation. The vulnerability is due to insufficient validation of the user-supplied input for metadata query through GraphQL protocol...
Apache SkyWalking Storage SQL Injection (CVE-2020-13921)
An SQL injection vulnerability exists in Apache SkyWalking MySQL storage implementation. The vulnerability is due to insufficient validation of the user supplied input for wildcard alarm search query through GraphQL protocol...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
fastapi-skywalking-middleware (>=0.1.0 <=0.2.0), fastapi-skywalking-trace (=0.0.1) +3 more potentially affected by CVE-2020-13921 via apache-skywalking (>=1.0.1 <=1.2.0)
apache-skywalking PYPI version =1.0.1, =0.1.0, =0.0.12, =0.1.1, =2024080701.0.0, =20250116003.0.0 Source cves: CVE-2020-13921 Source advisory: OSV:PYSEC-2020-342...
linker-atom (>=0.0.22 <=0.0.26), sanic-skywalking-middleware (>=1.0.0 <=1.0.1) +2 more potentially affected by CVE-2020-13921 via apache-skywalking (>=0.1.0 <=0.8.0)
apache-skywalking PYPI version =0.1.0, =0.0.22, =1.0.0, =0.0.3, =0.0.2, =0.0.6 Source cves: CVE-2020-13921 Source advisory: OSV:PYSEC-2020-342...
PYSEC-2020-342
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
PYSEC-2020-342
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
Sql injection
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2020-13921
The CVE-2020-13921 issue affects Apache SkyWalking when using H2/MySQL/TiDB as the storage backend. The vulnerability is a SQL injection in the wildcard query cases, introduced by insufficient validation of user-supplied input for wildcard alarm searches via GraphQL. Affects the storage-implement...
SQL Injection
Apache SkyWalking is vulnerable to SQL injection. The function getLinearIntValues in H2MetricsQueryDAO.java does not sanitize the user-provided ID parameter to the SQL query StringBuilder when H2/MySQL/TiDB is used as storage, allowing an attacker to provide arbitrary string to construct maliciou...
CVE-2020-9483
Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...
CVE-2020-9483
Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...