Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12N2NxLXBxN3YtbWg1ds2Vag
Apache Derby SQL Injection
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
Permalink: https://github.com/advisories/GHSA-v7cq-pq7v-mh5v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12N2NxLXBxN3YtbWg1ds2Vag
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
Identifiers: GHSA-v7cq-pq7v-mh5v, CVE-2006-7217
References:
- https://nvd.nist.gov/vuln/detail/CVE-2006-7217
- http://db.apache.org/derby/releases/release-10.2.1.6.html
- https://github.com/apache/derby/commit/28c633d82a776c90fd1cd835a0b66d1c8916d31a
- https://svn.apache.org/viewvc?view=revision&revision=449869
- https://web.archive.org/web/20090406213028/http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
- https://web.archive.org/web/20200301122517/https://issues.apache.org/jira/browse/DERBY-1858
- https://github.com/advisories/GHSA-v7cq-pq7v-mh5v
Blast Radius: 0.0
Affected Packages
maven:org.apache.derby:derby
Dependent packages: 2,009
Dependent repositories: 22,059
Downloads:
Affected Version Ranges: < 10.2.1.6
Fixed in: 10.2.1.6
All affected versions:
All unaffected versions: