Lucene search
ApacheCVELIST:CVE-2020-13925HistoryJul 14, 2020 - 12:47 p.m.
CVE-2020-13925
2020-07-1412:47:46
apache
www.cve.org
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0.
CNA Affected
[
{
"product": "Apache Kylin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Kylin 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1 3.0.2"
}
]
}
]Related
attackerkb
attackerkb
CVE-2020-1956
2020-05-22 00:00:00
CVE-2020-13925
2020-07-14 00:00:00
github
github
Command Injection in Kylin
2020-07-27 22:51:37
Command Injection in Kylin
2020-07-27 22:51:44
nvd
nvd
CVE-2020-13925
2020-07-14 13:15:11
CVE-2020-1956
2020-05-22 14:15:11
osv
osv
CVE-2020-13925
2020-07-14 13:15:00
Command Injection in Kylin
2020-07-27 22:51:37
Command Injection in Kylin
2020-07-27 22:51:44
prion
prion
Input validation
2020-07-14 13:15:00
Input validation
2020-05-22 14:15:00
cve
cve
CVE-2020-13925
2020-07-14 13:15:11
CVE-2020-1956
2020-05-22 14:15:11
githubexploit
githubexploit
Exploit for OS Command Injection in Apache Kylin
2020-07-20 10:38:14
Exploit for OS Command Injection in Apache Kylin
2021-07-08 00:58:07
checkpoint_advisories
checkpoint_advisories
Apache Kylin Command Injection (CVE-2020-13925)
2020-07-28 00:00:00
Apache Kylin Remote Code Execution (CVE-2020-1956)
2020-12-27 00:00:00
veracode
veracode
OS Command Injection
2020-07-16 06:10:27
OS Command Injection
2020-05-21 07:13:05
nessus
nessus
cvelist
cvelist
CVE-2020-1956
2020-05-22 13:27:43
cisa_kev
cisa_kev
Apache Kylin OS Command Injection Vulnerability
2022-03-25 00:00:00
nuclei
nuclei
Apache Kylin 3.0.1 - Command Injection Vulnerability
2023-05-11 09:03:44