CVE-2020-1937
N/A
N/A
Summary
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache | Apache Kylin | ApacheKylin 2.3.0 to 2.3.2 | affected |
| Apache | Apache Kylin | 2.4.0 to 2.4.1 | affected |
| Apache | Apache Kylin | 2.5.0 to 2.5.2 | affected |
| Apache | Apache Kylin | 2.6.0 to 2.6.4 | affected |
| Apache | Apache Kylin | 3.0.0-alpha | affected |
| Apache | Apache Kylin | 3.0.0-alpha2 | affected |
| Apache | Apache Kylin | 3.0.0-beta | affected |
| Apache | Apache Kylin | 3.0.0 | affected |
Weaknesses
- SQL injection
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread.html/rc574fef23740522f62ab3bbda4f6171be98aa7a25f3f54be143a80a8%40%3Cuser.kylin.apache.org%3E
- https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0%40%3Ccommits.kylin.apache.org%3E
- https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf%40%3Ccommits.kylin.apache.org%3E
References
- https://lists.apache.org/thread.html/rc574fef23740522f62ab3bbda4f6171be98aa7a25f3f54be143a80a8%40%3Cuser.kylin.apache.org%3E
- https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0%40%3Ccommits.kylin.apache.org%3E
- https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf%40%3Ccommits.kylin.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.