4 matches found
CVE-2020-1937
creationtimestamp| type| source ---|---|--- 2020-10-09 13:24:43+00:00| seen| MISP/b14f5ca4-fb33-4da3-ad29-dcaf9e3d3fc4...
org.apache.kylin:kylin-tool-assembly (>=2.1.0 <=2.6.4), org.apache.ranger:ranger-kylin-plugin (>=1.1.0 <=2.2.0) +1 more potentially affected by CVE-2020-1937 via org.apache.kylin:kylin-server-base (>=2.1.0 <=2.6.4)
org.apache.kylin:kylin-server-base MAVEN version =2.1.0, =2.1.0, =1.1.0, =1.1.0, =2.2.0 Source cves: CVE-2020-1937 Source advisory: OSV:GHSA-7HMH-8GWV-MFVQ...
CVE-2020-1937
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...
CVE-2020-1937
CVE-2020-1937 (Kylin) concerns an injection flaw in Kylin’s RESTful APIs where user input is concatenated into SQL queries. The available sources consistently describe a SQL injection risk enabling an attacker to run arbitrary database statements through vulnerable endpoints. The technical detail...