Lucene search
+L

84 matches found

Cvelist
Cvelist
added 2022/07/18 11:30 a.m.29 views

CVE-2022-36127 Service unavailability impact in NodeJS agent(version <= 0.5.0)

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...

7.6AI score0.01733EPSS
Exploits0References2
OSV
OSV
added 2022/07/18 11:30 a.m.14 views

CVE-2022-36127 Service unavailability impact in NodeJS agent(version <= 0.5.0)

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...

7.5CVSS7AI score0.01733EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.6 views

Apache SkyWalking 安全漏洞

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...

7.5CVSS5.6AI score0.01733EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.4 views

PT-2022-23214

Name of the Vulnerable Software and Affected Versions Apache SkyWalking NodeJS Agent versions prior to 0.5.1 Description The issue causes NodeJS services with the Apache SkyWalking NodeJS Agent installed to become unavailable when the OAP is unhealthy and the NodeJS agent cannot establish a...

7.5CVSS6.8AI score0.01733EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2021/07/19 6:50 a.m.145 views

Exploit for SQL Injection in Apache Skywalking

CVE-2020-9483 PoC of SQL Injection vulCVE-2020-9483,Apache...

7.5CVSS8.5AI score0.34613EPSS
Exploits1
OSV
OSV
added 2021/05/07 3:53 p.m.23 views

GHSA-GRPF-GG7V-5G5H SQL Injection in Apache SkyWalking

Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS9.7AI score0.33478EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/05/07 3:53 p.m.51 views

SQL Injection in Apache SkyWalking

Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS2.6AI score0.33478EPSS
Exploits0References8Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/12/28 12:0 a.m.41 views

Apache SkyWalking Storage SQL Injection (CVE-2020-9483)

An SQL injection vulnerability exists in Apache SkyWalking H2 storage implementation. The vulnerability is due to insufficient validation of the user-supplied input for metadata query through GraphQL protocol...

5CVSS3.4AI score0.34613EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2020/12/28 12:0 a.m.53 views

Apache SkyWalking Storage SQL Injection (CVE-2020-13921)

An SQL injection vulnerability exists in Apache SkyWalking MySQL storage implementation. The vulnerability is due to insufficient validation of the user supplied input for wildcard alarm search query through GraphQL protocol...

7.5CVSS2.8AI score0.33478EPSS
Exploits0
NVD
NVD
added 2020/08/05 2:15 p.m.39 views

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS9.7AI score0.33478EPSS
Exploits0References3
OSV
OSV
added 2020/08/05 2:15 p.m.26 views

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS9.7AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2020/08/05 2:15 p.m.4 views

fastapi-skywalking-middleware (>=0.1.0 <=0.2.0), fastapi-skywalking-trace (=0.0.1) +3 more potentially affected by CVE-2020-13921 via apache-skywalking (>=1.0.1 <=1.2.0)

apache-skywalking PYPI version =1.0.1, =0.1.0, =0.0.12, =0.1.1, =2024080701.0.0, =20250116003.0.0 Source cves: CVE-2020-13921 Source advisory: OSV:PYSEC-2020-342...

9.8CVSS7.2AI score0.33478EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/08/05 2:15 p.m.4 views

linker-atom (>=0.0.22 <=0.0.26), sanic-skywalking-middleware (>=1.0.0 <=1.0.1) +2 more potentially affected by CVE-2020-13921 via apache-skywalking (>=0.1.0 <=0.8.0)

apache-skywalking PYPI version =0.1.0, =0.0.22, =1.0.0, =0.0.3, =0.0.2, =0.0.6 Source cves: CVE-2020-13921 Source advisory: OSV:PYSEC-2020-342...

9.8CVSS7.2AI score0.33478EPSS
Exploits0
PyPA
PyPA
added 2020/08/05 2:15 p.m.11 views

PYSEC-2020-342

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS8.1AI score0.33478EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/08/05 2:15 p.m.14 views

PYSEC-2020-342

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS7.3AI score0.33478EPSS
Exploits0References3
Prion
Prion
added 2020/08/05 2:15 p.m.21 views

Sql injection

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

7.5CVSS9.7AI score0.33478EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/08/05 1:25 p.m.100 views

CVE-2020-13921

The CVE-2020-13921 issue affects Apache SkyWalking when using H2/MySQL/TiDB as the storage backend. The vulnerability is a SQL injection in the wildcard query cases, introduced by insufficient validation of user-supplied input for wildcard alarm searches via GraphQL. Affects the storage-implement...

9.8CVSS9.6AI score0.33478EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2020/07/01 3:9 a.m.42 views

SQL Injection

Apache SkyWalking is vulnerable to SQL injection. The function getLinearIntValues in H2MetricsQueryDAO.java does not sanitize the user-provided ID parameter to the SQL query StringBuilder when H2/MySQL/TiDB is used as storage, allowing an attacker to provide arbitrary string to construct maliciou...

7.5CVSS4.2AI score0.34613EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2020/06/30 3:15 p.m.21 views

CVE-2020-9483

Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...

7.5CVSS0.34613EPSS
Exploits1References1
OSV
OSV
added 2020/06/30 3:15 p.m.24 views

CVE-2020-9483

Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to...

7.5CVSS7.6AI score
Exploits0References1
Rows per page
Query Builder