What is CVE-2020-9483?

CVE-2020-9483 is a vulnerability in Apache Skywalking. Published 2020-06-30.

Is CVE-2020-9483 known to be exploited?

37 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Skywalking

CVE-2020-9483

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/…

EPSS: 0.941 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a Apache Skywalking — versions Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0

Public proof-of-concept exploits

Neko-chanQwQ/CVE-2020-9483
shanika04/apache_skywalking
0ps/pocassistdb
20142995/nuclei-templates
AMH-glitch/CHWA-LB-IDSDATASET
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
CLincat/vulcat
DSO-Lab/pocscan

References

github.com/apache/skywalking/pull/4639 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-9483?: CVE-2020-9483 is a vulnerability in Apache Skywalking. Published 2020-06-30.
Is CVE-2020-9483 known to be exploited?: 37 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.