Lucene search
ApacheCVELIST:CVE-2021-36774HistoryJan 06, 2022 - 12:35 p.m.
CVE-2021-36774 Mysql JDBC Connector Deserialize RCE
2022-01-0612:35:20
apache
www.cve.org
8
apache kylin
jdbc connector
deserialize
rce
mysql
cve-2021-36774
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
CNA Affected
[
{
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "Apache Kylin 2",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.2",
"status": "affected",
"version": "Apache Kylin 3",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-36774
2022-01-06 13:15:08
SQL Injection in Apache Kylin
2022-01-08 00:43:04
prion
prion
Code injection
2022-01-06 13:15:00
cnvd
cnvd
Apache Kylin permission permission and access control issues vulnerability
2022-01-08 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-01-07 12:20:13
github
github
SQL Injection in Apache Kylin
2022-01-08 00:43:04
nvd
nvd
CVE-2021-36774
2022-01-06 13:15:08
cve
cve
CVE-2021-36774
2022-01-06 13:15:08