[MAVEN:GHSA-V7CQ-PQ7V-MH5V] Apache Derby SQL Injection

Severity Moderate
Affected Packages 1
Fixed Packages 1
CVEs 1

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.

Package Affected Version
pkg:maven/org.apache.derby/derby < 10.2.1.6
Package Fixed Version
pkg:maven/org.apache.derby/derby = 10.2.1.6
ID
MAVEN:GHSA-V7CQ-PQ7V-MH5V
Severity
moderate
URL
https://github.com/advisories/GHSA-v7cq-pq7v-mh5v
Published
2022-05-01T07:45:41
Modified
2024-02-12T16:48:30
Rights
Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.derby/derby | org.apache.derby | derby | < 10.2.1.6 | | | |
| Fixed | pkg:maven/org.apache.derby/derby | org.apache.derby | derby | = 10.2.1.6 | | | |