Lucene search
ApacheCVELIST:CVE-2022-43396HistoryDec 30, 2022 - 10:30 a.m.
CVE-2022-43396 Apache Kylin: Command injection by Useless configuration
2022-12-3010:30:45
apache
www.cve.org
cve-2022-43396; apache kylin; command injection; risk; configuration; bypass; user input; parameter control; spark-cmd
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "Apache Kylin 4",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2022-43396
2022-12-30 11:15:10
CVE-2022-24697
2022-10-13 13:15:09
prion
prion
Input validation
2022-12-30 11:15:00
Command injection
2022-10-13 13:15:00
nvd
nvd
CVE-2022-43396
2022-12-30 11:15:10
CVE-2022-24697
2022-10-13 13:15:09
osv
osv
CVE-2022-43396
2022-12-30 11:15:10
Apache Kylin vulnerable to Command injection by Useless configuration
2022-12-30 12:30:25
CVE-2022-24697
2022-10-13 13:15:09
github
github
Apache Kylin vulnerable to Command injection by Useless configuration
2022-12-30 12:30:25
Apache Kylin vulnerable to remote code execution
2023-07-06 19:24:01
cvelist
cvelist
veracode
veracode
Command Injection
2023-01-09 11:40:04
Command Injection
2022-10-14 09:35:28
cnvd
cnvd
Apache Kylin Command Injection Vulnerability
2023-01-04 00:00:00
f5
f5
K13249530 : Apache Kylin vulnerability CVE-2022-24697
2022-10-24 00:00:00