Details
-
Bug
-
Status: Resolved (View Workflow)
-
Blocker
-
Resolution: Fixed
-
1.7.9, Meridian-2015.1.0, Meridian-2016.1.0
-
None
-
Horizon - July 12th
Description
The RESTv1 service supports a "query" parameter that can be used for SQL injection. This parameter is mentioned in the docs but should probably be removed anyway since it can be used for injection.
https://docs.opennms.org/opennms/releases/20.0.0/guide-development/guide-development.html#_alarms