Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.22 views

Apache Kylin vulnerable to remote code execution

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

9.8CVSS7.4AI score0.84777EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2022/01/06 1:15 p.m.22 views

CVE-2021-27738

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.5CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2022/01/06 1:15 p.m.22 views

Server side request forgery (ssrf)

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

5CVSS7.7AI score0.02557EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/06 12:35 p.m.37 views

CVE-2021-27738 Improper Access Control to Streaming Coordinator & SSRF

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.9AI score0.02557EPSS
Exploits0References2
Rows per page
Query Builder