Severity
Medium
Analysis Summary
Apache SkyWalking is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the wildcard query cases, which could allow the attacker to view, add, modify or delete information in the back-end database.
Impact
Data Manipulation
Affected Vendors
Apache
Affected Products
- Apache SkyWalking 6.6.0
- Apache SkyWalking 7.0.0
- Apache SkyWalking 8.0.0
- Apache SkyWalking 8.0.1
- Apache SkyWalking 6.5.0
Remediation
Refer to SkyWalking GIT Repository for patch, upgrade or suggested workaround information.