[CVEID]:CVE-2020-9483
[PRODUCT]:Apache SkyWalking
[VERSION]:Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0
[PROBLEMTYPE]:SQL Injection
[DESCRIPTION]: When use H2/MySQL/TiDB as Apache SkyWalking storage, the
metadata query through GraphQL protocol, there is a SQL injection
vulnerability,
which allows to access unpexcted data. Apache SkyWalking
6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the
appropriate
way to set SQL parameters.Sheng Wu 吴晟 Twitter, wusheng1108
