
====================================================================

                             CERT-Renater

                  Information Note No. 2020/VULN444
_____________________________________________________________________

DATE                : 12/08/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache SkyWalking versions 6.5.0,
                             6.6.0, 7.0.0, 8.0.0, 8.0.1.

=====================================================================
http://mail-archives.apache.org/mod_mbox/skywalking-dev/202008.mbox/%3cCANh7qnS1cJ4t5aVhoCTfnqwCNCs_Uk4yMKkpxJAVBshe1vA==w@mail.gmail.com%3e
_____________________________________________________________________

[CVEID]:CVE-2020-13921
[PRODUCT]:Apache SkyWalking
[VERSION]:Apache SkyWalking 6.5.0, 6.6.0, 7.0.0, 8.0.0, 8.0.1
[PROBLEMTYPE]:SQL Injection
[REFERENCES]:https://github.com/apache/skywalking/pull/4970
[DESCRIPTION]:**Resolved** Only when using H2/MySQL/TiDB as Apache
SkyWalking storage, there is a SQL injection vulnerability in the
wildcard query cases.
[ASSIGNINGCNA]: Apache Software Foundation

Sheng Wu 吴晟
Twitter, wusheng1108

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================





