Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. It mainly provides a SQL query interface, multidimensional analysis (OLAP) and other functions on top of Hadoop/Spark. Apache Kylin has a server-side request forgery (SSRF) vulnerability: the REST API endpoints under /kylin/api/streaming_coordinator/*, handled in StreamingCoordinatorController.java, fail to properly validate user input. An attacker could use this vulnerability to probe the server's intranet resources.

CPE

Name | Operator | Version
---|---|---
apache kylin | eq | 3.0.0
apache kylin | eq | 3.0.1
apache kylin | eq | 3.0.2
apache kylin | eq | 3.1.0
apache kylin | eq | 3.1.1
apache kylin | eq | 3.1.2