CVE-2020-1937

2020-02-2420:57:52

apache

www.cve.org

8.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

CNA Affected

[
  {
    "product": "Apache Kylin",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "ApacheKylin 2.3.0 to 2.3.2"
      },
      {
        "status": "affected",
        "version": "2.4.0 to 2.4.1"
      },
      {
        "status": "affected",
        "version": "2.5.0 to 2.5.2"
      },
      {
        "status": "affected",
        "version": "2.6.0 to 2.6.4"
      },
      {
        "status": "affected",
        "version": "3.0.0-alpha"
      },
      {
        "status": "affected",
        "version": "3.0.0-alpha2"
      },
      {
        "status": "affected",
        "version": "3.0.0-beta"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      }
    ]
  }
]