CVE-2020-13921: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

May 7, 2021

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.

References

github.com/advisories/GHSA-grpf-gg7v-5g5h
github.com/apache/skywalking/commit/fb7912c6bdda06a233f4b3e18e71a87d3e4a8951
github.com/apache/skywalking/pull/4970
nvd.nist.gov/vuln/detail/CVE-2020-13921

Detect and mitigate CVE-2020-13921 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →