N/A

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.

N/A

N/A

Octopus Deploy SQL注入漏洞

Octopus Deploy是澳大利亚Octopus Deploy公司的一款用于.NET、Java等应用程序开发部署的自动化工具。 Octopus Server 存在SQL注入漏洞，该漏洞源于用户在Events REST API请求中提供的数据没有正确参数化。该漏洞允许攻击者对数据库表进行未经授权的访问。

N/A

N/A