Lucene search
China National Vulnerability DatabaseCNVD-2022-02753HistoryJan 08, 2022 - 12:00 a.m.
Apache Kylin server-side request forgery vulnerability
2022-01-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.002 Low
EPSS
Percentile
54.2%
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis (OLAP) and other functions. Apache kylin has a server-side request forgery vulnerability, which stems from in StreamingCoordinatorController.java handling /kylin/api /streaming_coordinator/* REST API endpoints fail to properly validate user input, and an attacker could use this vulnerability to probe the server’s intranet resources.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache kylin | eq | 3.0.0 | |
| apache kylin | eq | 3.0.1 | |
| apache kylin | eq | 3.0.2 | |
| apache kylin | eq | 3.1.0 | |
| apache kylin | eq | 3.1.1 | |
| apache kylin | eq | 3.1.2 |
Related
osv
osv
Server-Side Request Forgery in Apache Kylin
2022-01-08 00:43:04
CVE-2021-27738
2022-01-06 13:15:07
cve
cve
CVE-2021-27738
2022-01-06 13:15:07
nvd
nvd
CVE-2021-27738
2022-01-06 13:15:07
github
github
Server-Side Request Forgery in Apache Kylin
2022-01-08 00:43:04
prion
prion
Server side request forgery (ssrf)
2022-01-06 13:15:00
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-01-07 02:31:09
cvelist
cvelist
CVE-2021-27738 Improper Access Control to Streaming Coordinator & SSRF
2022-01-06 12:35:17