Command Injection in Kylin

2020-07-27T22:51:44
ID GHSA-GPRM-XQRC-C2J3
Type github
Reporter GitHub Advisory Database
Modified 2020-07-27T22:51:44

Description

Kylin has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.