[NMS-9478] "query" parameter allows SQL injection - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.7.9, Meridian-2015.1.0, Meridian-2016.1.0
Fix Version/s: 20.0.2, Meridian-2015.1.6, Meridian-2016.1.6
Component/s: REST
Labels:
None

Sprint:
Horizon - July 12th

Description

The RESTv1 service supports a "query" parameter that can be used for SQL injection. This parameter is mentioned in the docs but should probably be removed anyway since it can be used for injection.

https://docs.opennms.org/opennms/releases/20.0.0/guide-development/guide-development.html#_alarms

Attachments

Activity

People

Assignee:: Seth Leger

Reporter:: Seth Leger

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Jun/17 3:14 PM

Updated:: 07/Sep/17 5:22 PM

Resolved:: 17/Jul/17 8:33 PM