Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Search





SUPPORT  

JFrog takes the privacy and security of its customers very seriously and always strives to provide prompt notification and remediation of any vulnerabilities discovered on JFrog products.  As a CVE Numbering Authority (CNA), JFrog assigns CVE identification numbers to newly discovered security vulnerabilities.

                                                                                                                                             

SeverityCVESummaryProductVersionsPublishedUpdated

HIGH

JFrog Artifactory prior to version 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.Artifactory
  • Versions prior to 7.25.4 
  • Versions prior to 6.23.30
15/12/202115/12/2021




  








  • No labels
Copyright © 2022 JFrog Ltd.