Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. It mainly provides a SQL query interface, multidimensional analysis (OLAP) and other functions on top of Hadoop/Spark. Kylin has a command injection vulnerability that stems from a blacklist that can be bypassed: an attacker who controls the kylin.engine.spark-cmd parameter of conf can use it to control the command that is run.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache kylin | lt | 4.0.3 |
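
The following is an added example, not code from the advisory or from the Kylin project. It shows why a token blacklist is a weak guard for a command-valued setting such as kylin.engine.spark-cmd, next to an exact-match allowlist and a shell-free argument vector. The denylist tokens, the trusted paths and the sample values are constructed assumptions.

```python
GUARDED_KEY = "kylin.engine.spark-cmd"  # parameter named in the advisory

# Hypothetical denylist, constructed for illustration; NOT Kylin's actual list.
DENYLIST = (";", "&", "|", "`", "$(")

# Assumption: these are the only legitimate spark-submit locations on this host.
ALLOWED_VALUES = {
    "/opt/spark/bin/spark-submit",
    "/usr/local/spark/bin/spark-submit",
}


def denylist_ok(value: str) -> bool:
    """Weak check: accepts anything that avoids the listed tokens."""
    return not any(token in value for token in DENYLIST)


def allowlist_ok(value: str) -> bool:
    """Strict check: the value must be exactly one expected binary path."""
    return value in ALLOWED_VALUES


def audit_overrides(overrides: dict) -> list:
    """Return (key, value, verdict) for each guarded value that is not allowlisted."""
    findings = []
    for key, value in overrides.items():
        if key != GUARDED_KEY or allowlist_ok(value):
            continue
        verdict = "missed by denylist" if denylist_ok(value) else "caught by both"
        findings.append((key, value, verdict))
    return findings


def build_argv(spark_cmd: str, job_args: list) -> list:
    """Build an argument vector meant for subprocess.run(argv, shell=False)."""
    if not allowlist_ok(spark_cmd):
        raise ValueError(f"rejected {GUARDED_KEY} value: {spark_cmd!r}")
    return [spark_cmd, *job_args]


# Constructed sample configuration overrides, one dict per configuration.
SAMPLES = [
    {GUARDED_KEY: "/opt/spark/bin/spark-submit"},
    {GUARDED_KEY: "/tmp/spark-submit"},
    {GUARDED_KEY: "/opt/spark/bin/spark-submit --verbose"},
    {GUARDED_KEY: "/opt/spark/bin/spark-submit; id"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[GUARDED_KEY], "->", audit_overrides(sample) or "ok")
```

The second and third samples contain no shell metacharacter at all, so a token blacklist accepts them even though they change which program runs or what arguments it receives.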