Lucene search
GoogleOSV:GHSA-QWFW-GXX2-MMV2HistoryJul 27, 2020 - 10:51 p.m.
Command Injection in Kylin
2020-07-2722:51:37
Google
osv.dev
11
0.974 High
EPSS
Percentile
99.9%
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0.
References
lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-13925
snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-584373
Related
attackerkb
attackerkb
CVE-2020-1956
2020-05-22 00:00:00
CVE-2020-13925
2020-07-14 00:00:00
cvelist
cvelist
CVE-2020-13925
2020-07-14 12:47:46
CVE-2020-1956
2020-05-22 13:27:43
github
github
Command Injection in Kylin
2020-07-27 22:51:37
Command Injection in Kylin
2020-07-27 22:51:44
nvd
nvd
CVE-2020-13925
2020-07-14 13:15:11
CVE-2020-1956
2020-05-22 14:15:11
osv
osv
CVE-2020-13925
2020-07-14 13:15:00
Command Injection in Kylin
2020-07-27 22:51:44
CVE-2020-1956
2020-05-22 14:15:11
prion
prion
Input validation
2020-07-14 13:15:00
Input validation
2020-05-22 14:15:00
cve
cve
CVE-2020-13925
2020-07-14 13:15:11
CVE-2020-1956
2020-05-22 14:15:11
githubexploit
githubexploit
Exploit for OS Command Injection in Apache Kylin
2020-07-20 10:38:14
Exploit for OS Command Injection in Apache Kylin
2021-07-08 00:58:07
checkpoint_advisories
checkpoint_advisories
Apache Kylin Command Injection (CVE-2020-13925)
2020-07-28 00:00:00
Apache Kylin Remote Code Execution (CVE-2020-1956)
2020-12-27 00:00:00
veracode
veracode
OS Command Injection
2020-07-16 06:10:27
OS Command Injection
2020-05-21 07:13:05
nessus
nessus
cisa_kev
cisa_kev
Apache Kylin OS Command Injection Vulnerability
2022-03-25 00:00:00
nuclei
nuclei
Apache Kylin 3.0.1 - Command Injection Vulnerability
2023-05-11 09:03:44