Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:58 a.m.8 views

CVE-2022-43396

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

9.8CVSS6.5AI score0.84777EPSS
Exploits0References1
Circl
Circl
added 2022/12/30 2:14 p.m.5 views

CVE-2022-43396

creationtimestamp| type| source ---|---|--- 2022-12-30 14:14:11+00:00| seen| https://t.me/cibsecurity/55559 2023-01-05 13:41:52+00:00| published-proof-of-concept| https://t.me/dilagrafie/349 2023-01-05 13:41:52+00:00| published-proof-of-concept| https://t.me/dilagrafie/2232...

8.8CVSS8.1AI score0.56844EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/30 10:30 a.m.40 views

CVE-2022-43396 Apache Kylin: Command injection by Useless configuration

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

9.5AI score0.56844EPSS
Exploits0References1
OSV
OSV
added 2022/12/30 10:30 a.m.15 views

CVE-2022-43396 Apache Kylin: Command injection by Useless configuration

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

8.8CVSS7.1AI score0.56844EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/12/30 10:30 a.m.6 views

CVE-2022-43396 Apache Kylin: Command injection by Useless configuration

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

6.8AI score0.56844EPSS
Exploits0References1
CVE
CVE
added 2022/12/30 10:30 a.m.120 views

CVE-2022-43396

CVE-2022-43396 involves a command injection in Apache Kylin caused by a blacklist bypass in the configuration parameter kylin.engine.spark-cmd (conf). The vulnerability arises from allowing attackers to influence the command line, enabling arbitrary OS command execution via cube designer/command ...

8.8CVSS9.2AI score0.56844EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder