GHSA-v7cq-pq7v-mh5v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v7cq-pq7v-mh5v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v7cq-pq7v-mh5v/GHSA-v7cq-pq7v-mh5v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v7cq-pq7v-mh5v
- Aliases
-
- CVE-2006-7217
- Published
- 2022-05-01T07:45:41Z
- Modified
- 2024-11-28T05:34:46.520969Z
- Summary
- Apache Derby SQL Injection
- Details
-
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
- Database specific
{ "nvd_published_at": "2007-07-05T20:30:00Z", "severity": "MODERATE", "github_reviewed_at": "2024-02-12T16:48:29Z", "github_reviewed": true, "cwe_ids": [ "CWE-89" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2006-7217
- https://github.com/apache/derby/commit/28c633d82a776c90fd1cd835a0b66d1c8916d31a
- https://github.com/apache/derby
- https://svn.apache.org/viewvc?view=revision&revision=449869
- https://web.archive.org/web/20090406213028/http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
- https://web.archive.org/web/20200301122517/https://issues.apache.org/jira/browse/DERBY-1858
- http://db.apache.org/derby/releases/release-10.2.1.6.html
Affected packages
Maven / org.apache.derby:derby
Package
- Name
- org.apache.derby:derby
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.derby/derby