apache / submarine

Submarine is a Cloud Native Machine Learning Platform.
https://submarine.apache.org/
Apache License 2.0

[hotfix] fix security risk of SQL injection #1121

Closed xunliu closed 4 months ago

xunliu commented 4 months ago

What type of PR is it?

[Hot Fix]

Screenshots (if appropriate)

GET /api/sys/duplicateCheck?tableName=sys_user&fieldName=1+*+and+user_name&fieldVal=admin HTTP/1.1
Host: 192.168.153.129:32080
Accept: application/json, text/plain, */*
User-Agent: OpenAPI-Generator/v2/python
Referer: http://192.168.153.129:32080/workbench/manager/user
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

Questions: