5 matches found
CVE-2022-44621
The Diagnosis Controller lacks parameter validation, so users may be attacked by command injection via HTTP request...
CVE-2022-44621
creationtimestamp | type | source
---|---|---
2022-12-30 14:14:03+00:00 | seen | https://t.me/cibsecurity/55554
2023-01-05 13:41:52+00:00 | published-proof-of-concept | https://t.me/dilagrafie/349
2023-01-05 13:41:52+00:00 | published-proof-of-concept | https://t.me/dilagrafie/2232
2025-04-11...
org.apache.kylin:kylin-spark-test (=4.0.0-alpha), org.apache.kylin:kylin-tool-assembly (>=2.1.0 <=4.0.0-alpha) +2 more potentially affected by CVE-2022-44621 via org.apache.kylin:kylin-server-base (>=2.1.0 <=4.0.0-alpha)
org.apache.kylin:kylin-server-base MAVEN version =2.1.0, =2.1.0, =1.1.0, =1.1.0, =2.4.0 Source cves: CVE-2022-44621 Source advisory: OSV:GHSA-W9RV-XMF7-X3GH...
CVE-2022-44621
CVE-2022-44621 relates to Apache Kylin and concerns the Diagnosis Controller. The underlying issue is missing parameter validation in the controller, enabling potential command injection through HTTP requests. Multiple sources describe this as a high-severity, remote-execution risk (CVSS v3.1 bas...
CVE-2022-44621 Apache Kylin: Command injection by Diagnosis Controller
The Diagnosis Controller lacks parameter validation, so users may be attacked by command injection via HTTP request...