9 matches found
EUVD-2022-7613
Malicious code in bioql PyPI...
org.apache.kylin:kylin-spark-test (=4.0.0-alpha), org.apache.kylin:kylin-tool-assembly (>=2.1.0 <=4.0.0-alpha) +2 more potentially affected by CVE-2022-24697 via org.apache.kylin:kylin-server-base (>=2.1.0 <=4.0.0-alpha)
org.apache.kylin:kylin-server-base MAVEN version =2.1.0, =2.1.0, =1.1.0, =1.1.0, =2.4.0 Source cves: CVE-2022-24697 Source advisory: OSV:GHSA-PPXX-M926-G569...
org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=1.5.0 <=4.0.0-alpha) +23 more potentially affected by CVE-2022-24697 via org.apache.kylin:kylin-core-common (>=1.5.0 <=4.0.0-alpha)
org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2022-24697 Source advisory:...
Apache Kylin vulnerable to Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
CVE-2022-24697
creationtimestamp| type| source ---|---|--- 2022-10-13 16:27:39+00:00| seen| https://t.me/cibsecurity/51315 2022-12-30 14:14:11+00:00| seen| https://t.me/cibsecurity/55559...
CVE-2022-24697
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
CVE-2022-24697
CVE-2022-24697 affects Apache Kylin’s cube designer function and enables command injection/RCE by manipulating the configuration overwrite menu. The root cause described across Red Hat advisories is improper input filtering; an attacker can influence command execution by controlling the kylin.eng...
CVE-2022-24697 Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
CVE-2022-24697 Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...