Details
-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 1.7.9, Meridian-2015.1.0, Meridian-2016.1.0
-
Fix Version/s: 20.0.2, Meridian-2015.1.6, Meridian-2016.1.6
-
Component/s: REST
-
Labels:None
-
Sprint:Horizon - July 12th
Description
The RESTv1 service supports a "query" parameter that can be used for SQL injection. This parameter is mentioned in the docs but should probably be removed anyway since it can be used for injection.
https://docs.opennms.org/opennms/releases/20.0.0/guide-development/guide-development.html#_alarms