Lucene search
PRIOn knowledge basePRION:CVE-2022-43396HistoryDec 30, 2022 - 11:15 a.m.
Input validation
2022-12-3011:15:00
PRIOn knowledge base
www.prio-n.com
5
input validation
blacklist
bypass risk
user control
command filtering
security vulnerability
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.
Related
cve
cve
CVE-2022-43396
2022-12-30 11:15:10
CVE-2022-24697
2022-10-13 13:15:09
cvelist
cvelist
nvd
nvd
CVE-2022-43396
2022-12-30 11:15:10
CVE-2022-24697
2022-10-13 13:15:09
osv
osv
CVE-2022-43396
2022-12-30 11:15:10
Apache Kylin vulnerable to Command injection by Useless configuration
2022-12-30 12:30:25
CVE-2022-24697
2022-10-13 13:15:09
github
github
Apache Kylin vulnerable to Command injection by Useless configuration
2022-12-30 12:30:25
Apache Kylin vulnerable to remote code execution
2023-07-06 19:24:01
veracode
veracode
Command Injection
2023-01-09 11:40:04
Command Injection
2022-10-14 09:35:28
cnvd
cnvd
Apache Kylin Command Injection Vulnerability
2023-01-04 00:00:00
f5
f5
K13249530 : Apache Kylin vulnerability CVE-2022-24697
2022-10-24 00:00:00
prion
prion
Command injection
2022-10-13 13:15:00