
[Bug]: SQL injection of cdc

Open ck89119 opened this issue 10 months ago • 0 comments

Is there an existing issue for the same bug?

  • [x] I have checked the existing issues.

Branch Name

main

Commit ID

8caa563b5

Other Environment Information

- Hardware parameters:
- OS type:
- Others:

Actual Behavior

Upstream table t1, table structure:

create table t1 (c1 varchar(1024));

Insert one record into t1:

insert into t1 values ('\'); DELETE FROM t2; --')

The SQL that cdc generates at this point is:

replace into t1 values (''); DELETE FROM t2; --');

This deletes all the data in the downstream table t2.

Expected Behavior

No response

Steps to Reproduce

as Actual Behavior

Additional information

No response

ck89119 • Feb 27 '25 09:02
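The behaviour reported above, as an added example that is not part of the original issue and is not MatrixOne's code: a value wrapped in quotes without escaping, next to an escaped form, with a small lexer check showing what follows the string literal in each generated statement. The function names (`naiveLiteral`, `escapedLiteral`, `build`, `trailing`) are hypothetical, and the downstream is assumed to be MySQL-compatible with backslash escapes enabled.

```go
package main

import (
	"fmt"
	"strings"
)

// naiveLiteral reproduces the reported behaviour: quotes added, nothing escaped.
func naiveLiteral(v string) string { return "'" + v + "'" }

// escaper covers the bytes that can end or alter a MySQL-style string literal
// when backslash escapes are enabled (assumed downstream setting).
var escaper = strings.NewReplacer(`\`, `\\`, `'`, `\'`, "\x00", `\0`,
	"\n", `\n`, "\r", `\r`, "\x1a", `\Z`)

func escapedLiteral(v string) string { return "'" + escaper.Replace(v) + "'" }

// build renders the downstream statement the way the issue shows it.
func build(quote func(string) string, v string) string {
	return "replace into t1 values (" + quote(v) + ");"
}

// trailing returns the text a MySQL-style lexer sees after the first string
// literal closes; anything beyond ");" means the value escaped its quotes.
func trailing(stmt string) string {
	for i := strings.IndexByte(stmt, '\'') + 1; i > 0 && i < len(stmt); i++ {
		switch {
		case stmt[i] == '\\':
			i++ // backslash escapes the next byte
		case stmt[i] == '\'' && i+1 < len(stmt) && stmt[i+1] == '\'':
			i++ // doubled quote is an escaped quote
		case stmt[i] == '\'':
			return stmt[i+1:]
		}
	}
	return "<unterminated literal>"
}

func main() {
	// Constructed sample: the value stored in t1 after the issue's INSERT.
	v := `'); DELETE FROM t2; --`
	for name, q := range map[string]func(string) string{"naive": naiveLiteral, "escaped": escapedLiteral} {
		stmt := build(q, v)
		fmt.Printf("%-8s %s\n         after literal: %q\n", name, stmt, trailing(stmt))
	}
}
```

Escaping rules depend on the downstream SQL mode, so binding the row values through placeholders in a prepared statement removes the dependency on getting the literal syntax right.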