jUDDI (Retired) / JUDDI-903

SQL Injection on JUDDI API service, delete_publisher


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.2, 3.2.1
    • Fix Version/s: 3.3
    • Component/s: core
    • Labels: None

    Description

      There's a potential for SQL injection in the Juddi API service. Due to the way the code is constructed, it's possible for a malicious user to be created containing a SQL statement as the user name. When an administrator attempts to delete the publisher, there's a chance that the malicious username may be executed as a SQL statement.
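
      The stored-value injection the description outlines, as an added example that is not part of the original issue report and is not jUDDI's code. It uses Python with an in-memory SQLite database as a stand-in for jUDDI's Java persistence layer, with hypothetical table, column and function names, and contrasts concatenating the stored publisher name into a DELETE with binding it as a parameter.

```python
import sqlite3

# Constructed sample data: the third name is a stored value that carries SQL.
PUBLISHERS = ["alice", "bob", "x' OR '1'='1"]


def make_db():
    """In-memory stand-in for the publisher table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE publisher (authorized_name TEXT PRIMARY KEY)")
    # Creation is parameterized, so the hostile name is stored verbatim.
    db.executemany("INSERT INTO publisher VALUES (?)", [(n,) for n in PUBLISHERS])
    return db


def delete_publisher_concat(db, name):
    """'Before' pattern: the stored name is pasted into the statement text."""
    cur = db.execute("DELETE FROM publisher WHERE authorized_name = '" + name + "'")
    return cur.rowcount


def delete_publisher_bound(db, name):
    """'After' pattern: the name travels as a bound parameter, never as SQL."""
    cur = db.execute("DELETE FROM publisher WHERE authorized_name = ?", (name,))
    return cur.rowcount


def remaining(db):
    """Names still present in the table, sorted for stable comparison."""
    return [r[0] for r in db.execute("SELECT authorized_name FROM publisher ORDER BY 1")]


def demo():
    """Delete the same stored name both ways; return (rows deleted, rows left)."""
    hostile = PUBLISHERS[2]
    db1 = make_db()
    concat = (delete_publisher_concat(db1, hostile), remaining(db1))
    db2 = make_db()
    bound = (delete_publisher_bound(db2, hostile), remaining(db2))
    return concat, bound


if __name__ == "__main__":
    concat, bound = demo()
    print("concatenated:", concat)
    print("bound:       ", bound)
```

      The name is stored safely at creation time in both runs; the difference appears only when it is read back and reused in the delete statement, which is why validating input at creation alone does not close this class of bug.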


            People

              Assignee: Alex O'Ree (spyhunter99)
              Reporter: Alex O'Ree (spyhunter99)
              Votes: 0
              Watchers: 2
