SQL Injection Affecting org.dashbuilder:dashbuilder-dataset-sql package, versions [,0.6.0.Beta1)
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- EPSS: 1.32% (86th percentile)
- Snyk ID SNYK-JAVA-ORGDASHBUILDER-31088
- published 8 Aug 2016
- disclosed 5 Aug 2016
- credit Unknown
Overview
org.dashbuilder:dashbuilder-dataset-sql
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
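The flaw class described above is a filter value rendered into a quoted SQL literal without neutralising quotes; it is shown here beside two corrections. This is an added example, not Dashbuilder's code or its actual patch, and the class, method, table and column names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Added illustration: all names are hypothetical, not Dashbuilder's code.
public class StringParameterSql {

    // Weak pattern: the value is wrapped in quotes unchanged, so a single
    // quote inside it ends the literal early.
    static String unsafeLiteral(String param) {
        return "'" + param + "'";
    }

    // Hardened rendering: double every single quote (standard SQL escaping).
    static String escapedLiteral(String param) {
        return "'" + param.replace("'", "''") + "'";
    }

    // True only if sql is exactly one string token: quotes at both ends and
    // any quote in the body appearing as a doubled pair.
    static boolean isSingleLiteral(String sql) {
        int n = sql.length();
        if (n < 2 || sql.charAt(0) != '\'' || sql.charAt(n - 1) != '\'') return false;
        for (int i = 1; i < n - 1; i++) {
            if (sql.charAt(i) != '\'') continue;
            if (i + 1 >= n - 1 || sql.charAt(i + 1) != '\'') return false;
            i++; // skip the second quote of the pair
        }
        return true;
    }

    // Preferred: bind the value instead of rendering it into the statement.
    // Table and column names are constructed for the example.
    static PreparedStatement boundFilter(Connection c, String value) throws SQLException {
        PreparedStatement ps = c.prepareStatement("SELECT * FROM expenses WHERE city = ?");
        ps.setString(1, value);
        return ps;
    }

    public static void main(String[] args) {
        String[] filters = { "Madrid", "O'Brien", "x' OR '1'='1" }; // constructed inputs
        for (String f : filters) {
            System.out.printf("%-14s unsafe single-literal=%-5b escaped single-literal=%b%n", f,
                    isSingleLiteral(unsafeLiteral(f)), isSingleLiteral(escapedLiteral(f)));
        }
    }
}
```

Quote doubling assumes standard SQL string syntax; databases that also treat backslash as an escape character need additional handling, which is why binding the value is the more robust choice.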