CVE-2020-1937

Summary

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

Affected Software

VendorProductVersion RangeStatus
ApacheApache KylinApacheKylin 2.3.0 to 2.3.2affected
ApacheApache Kylin2.4.0 to 2.4.1affected
ApacheApache Kylin2.5.0 to 2.5.2affected
ApacheApache Kylin2.6.0 to 2.6.4affected
ApacheApache Kylin3.0.0-alphaaffected
ApacheApache Kylin3.0.0-alpha2affected
ApacheApache Kylin3.0.0-betaaffected
ApacheApache Kylin3.0.0affected

Weaknesses

  • SQL injection

ADP Enrichment

CVE Program Container

Additional References

References