Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:26 p.m.4 views

CVE-2021-45457

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...

7.5CVSS5.3AI score0.02338EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.25 views

Apache Kylin vulnerable to remote code execution

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

9.8CVSS7.4AI score0.84777EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2022/01/06 1:15 p.m.23 views

CVE-2021-27738

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.5CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2022/01/06 1:15 p.m.25 views

Server side request forgery (ssrf)

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

5CVSS7.7AI score0.02557EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/06 12:35 p.m.38 views

CVE-2021-27738 Improper Access Control to Streaming Coordinator & SSRF

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.9AI score0.02557EPSS
Exploits0References2
Rows per page
Query Builder