6 matches found
CVE-2022-43396
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
CVE-2022-43396
creationtimestamp| type| source ---|---|--- 2022-12-30 14:14:11+00:00| seen| https://t.me/cibsecurity/55559 2023-01-05 13:41:52+00:00| published-proof-of-concept| https://t.me/dilagrafie/349 2023-01-05 13:41:52+00:00| published-proof-of-concept| https://t.me/dilagrafie/2232...
CVE-2022-43396 Apache Kylin: Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
CVE-2022-43396 Apache Kylin: Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
CVE-2022-43396 Apache Kylin: Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
CVE-2022-43396
CVE-2022-43396 involves a command injection in Apache Kylin caused by a blacklist bypass in the configuration parameter kylin.engine.spark-cmd (conf). The vulnerability arises from allowing attackers to influence the command line, enabling arbitrary OS command execution via cube designer/command ...