Lucene search
ApacheCVELIST:CVE-2021-45457HistoryJan 06, 2022 - 12:35 p.m.
CVE-2021-45457 Overly broad CORS configuration
2022-01-0612:35:22
apache
www.cve.org
9
apache kylin
cve-2021-45457
cors
vulnerability
EPSS
0.001
Percentile
51.1%
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
CNA Affected
[
{
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "Apache Kylin 2",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.2",
"status": "affected",
"version": "Apache Kylin 3",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "Apache Kylin 4",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-01-06 13:15:00
github
github
osv
osv
CVE-2021-45457
2022-01-06 13:15:08
cnvd
cnvd
Apache Kylin Access Control Error Vulnerability
2022-01-07 00:00:00
nvd
nvd
CVE-2021-45457
2022-01-06 13:15:08
cve
cve
CVE-2021-45457
2022-01-06 13:15:08
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-01-07 07:30:03