CNVD-2023-02475 (China National Vulnerability Database)
Jan 04, 2023 - 12:00 a.m.

Apache Kylin Command Injection Vulnerability

2023-01-04 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache kylin
distributed analytic
data warehouse
hadoop
spark
sql query
multidimensional analysis
command injection
blacklist bypass
parameter control

EPSS: 0.001 (Low), percentile 50.8%

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides a SQL query interface, multidimensional analysis (OLAP) and other functions on top of Hadoop/Spark. Kylin has a command injection vulnerability that stems from the risk of the blacklist being bypassed: an attacker can exploit the vulnerability to control the command by controlling the kylin.engine.spark-cmd parameter of conf.

| CPE | Name | Operator | Version |
| | apache kylin | lt | 4.0.3 |
