{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "6.5.0" }, { "introduced": "0" }, { "last_affected": "6.6.0" }, { "introduced": "0" }, { "last_affected": "7.0.0" }, { "introduced": "0" }, { "last_affected": "8.0.0" }, { "introduced": "0" }, { "last_affected": "8.0.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "4d4ca9c5173ea4caad6155e047ace855556f550e" }, { "introduced": "0" }, { "last_affected": "cf6d53c79b9ddb6dfc1cff0d95a2e4dabea9d246" }, { "introduced": "0" }, { "last_affected": "c2e2d4182d5715cce49b6f95670f3fae2f44d0ba" }, { "introduced": "0" }, { "last_affected": "ed6bcb91c2832468fc16945e487a082cae627f88" }, { "introduced": "0" }, { "last_affected": "629040f5abb98110255083a868013a8785c7db05" } ], "repo": "https://github.com/apache/skywalking", "type": "GIT" } ] } ], "details": "**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.", "id": "CVE-2020-13921", "modified": "2026-04-01T23:09:16.629331866Z", "published": "2020-08-05T14:15:12.327Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6f3a934ebc54585d8468151a494c1919dc1ee2cccaf237ec434dbbd6%40%3Cdev.skywalking.apache.org%3E" }, { "type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2020/08/05/3" }, { "type": "ADVISORY", "url": "https://github.com/apache/skywalking/pull/4970" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }