Description
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.
Remediation
References
https://github.com/apache/skywalking/pull/4970
http://www.openwall.com/lists/oss-security/2020/08/05/3
https://lists.apache.org/thread.html/r6f3a934ebc54585d8468151a494c1919dc1ee2cccaf237ec434dbbd6%40%3Cdev.skywalking.apache.org%3E
Related Vulnerabilities
CVE-2016-10665 Vulnerability in npm package herbivore
CVE-2022-0155 Vulnerability in npm package follow-redirects
CVE-2017-7656 Vulnerability in maven package org.eclipse.jetty:jetty-http
CVE-2014-0111 Vulnerability in maven package org.apache.syncope:syncope-core
CVE-2023-40339 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider