Lucene search
ApacheCVELIST:CVE-2021-45456HistoryJan 06, 2022 - 12:35 p.m.
CVE-2021-45456 Command injection
2022-01-0612:35:21
apache
www.cve.org
1
Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0.
CNA Affected
[
{
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Kylin 4 4.0.0"
}
]
}
]Related
cve
cve
CVE-2021-45456
2022-01-06 13:15:08
nvd
nvd
CVE-2021-45456
2022-01-06 13:15:08
veracode
veracode
Command Injection
2022-01-07 14:15:32
cnvd
cnvd
Apache Kylin OS Command Injection Vulnerability
2022-01-07 00:00:00
osv
osv
CVE-2021-45456
2022-01-06 13:15:08
Command Injection in Apache Kylin
2022-01-08 00:42:59
prion
prion
Command injection
2022-01-06 13:15:00
github
github
Command Injection in Apache Kylin
2022-01-08 00:42:59