Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-7613

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.56844EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2023/07/06 7:24 p.m.5 views

org.apache.kylin:kylin-spark-test (=4.0.0-alpha), org.apache.kylin:kylin-tool-assembly (>=2.1.0 <=4.0.0-alpha) +2 more potentially affected by CVE-2022-24697 via org.apache.kylin:kylin-server-base (>=2.1.0 <=4.0.0-alpha)

org.apache.kylin:kylin-server-base MAVEN version =2.1.0, =2.1.0, =1.1.0, =1.1.0, =2.4.0 Source cves: CVE-2022-24697 Source advisory: OSV:GHSA-PPXX-M926-G569...

9.8CVSS7.2AI score0.84777EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/07/06 7:24 p.m.5 views

org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=1.5.0 <=4.0.0-alpha) +23 more potentially affected by CVE-2022-24697 via org.apache.kylin:kylin-core-common (>=1.5.0 <=4.0.0-alpha)

org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2022-24697 Source advisory:...

9.8CVSS7.2AI score0.84777EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/12/30 12:30 p.m.46 views

Apache Kylin vulnerable to Command injection by Useless configuration

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

8.8CVSS8.9AI score0.56844EPSS
Exploits0References4Affected Software1
Circl
Circl
added 2022/10/13 4:27 p.m.5 views

CVE-2022-24697

creationtimestamp| type| source ---|---|--- 2022-10-13 16:27:39+00:00| seen| https://t.me/cibsecurity/51315 2022-12-30 14:14:11+00:00| seen| https://t.me/cibsecurity/55559...

9.8CVSS8.6AI score0.84777EPSS
Exploits0References2
NVD
NVD
added 2022/10/13 1:15 p.m.38 views

CVE-2022-24697

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

9.8CVSS0.84777EPSS
Exploits0References2
CVE
CVE
added 2022/10/13 12:0 a.m.108 views

CVE-2022-24697

CVE-2022-24697 affects Apache Kylin’s cube designer function and enables command injection/RCE by manipulating the configuration overwrite menu. The root cause described across Red Hat advisories is improper input filtering; an attacker can influence command execution by controlling the kylin.eng...

9.8CVSS9.2AI score0.84777EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/13 12:0 a.m.8 views

CVE-2022-24697 Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

9.6AI score0.84777EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/13 12:0 a.m.40 views

CVE-2022-24697 Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

9.6AI score0.84777EPSS
Exploits0References2
Rows per page
Query Builder