Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/05/22 5:40 p.m.8 views

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...

9CVSS7.1AI score0.97337EPSS
Exploits2
nessus
nessus
added 2023/11/28 12:0 a.m.20 views

Apache Kylin 2.3.x < 2.3.3 / 2.4.x < 2.4.2 / 2.5.x < 2.5.3 / 2.6.x < 2.6.6 / 3.x < 3.0.2 Command Injection (CVE-2020-1956)

The instance of Apache Kylin running on the remote host is 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.2, 2.5.x prior to 2.5.3, 2.6.x prior to 2.6.6 or 3.x prior to 3.0.2. Therefore, it is affected by a command injection vulnerability due to some restful APIs concatenating OS commands with user inpu...

9CVSS8.2AI score0.97337EPSS
Exploits2References4
checkpoint_advisories
checkpoint_advisories
added 2020/12/27 12:0 a.m.52 views

Apache Kylin Remote Code Execution (CVE-2020-1956)

A command execution vulnerability exists in Apache kylin 2.3.2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.8AI score0.97337EPSS
Exploits2
circl
circl
added 2020/10/09 1:36 p.m.9 views

CVE-2020-1956

creationtimestamp| type| source ---|---|--- 2020-10-09 13:36:17+00:00| seen| MISP/e439b884-82c9-422e-bee5-4425a48da4c3 2020-10-15 15:07:04+00:00| seen| MISP/cbd9bbb3-3f53-4610-9d91-9191ff0a9ca8 2020-10-16 06:55:52+00:00| seen| MISP/25aef508-b116-4d75-84b2-b6ceff906e44 2021-09-21 06:42:52+00:00|...

9CVSS7.3AI score0.97337EPSS
Exploits2References7
vulnersosv
vulnersosv
added 2020/07/27 10:51 p.m.9 views

org.apache.kylin:kylin-cache (>=2.6.0 <=2.6.5), org.apache.kylin:kylin-core-cube (>=1.5.0 <=2.6.5) +16 more potentially affected by CVE-2020-1956 via org.apache.kylin:kylin-core-common (>=1.5.0 <=2.6.5)

org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =2.6.5 - org.apache.kylin:kylin-tool =1.5.1 and more Source cves: CVE-2020-1956 Source advisory: OSV:GHSA-GPRM-XQRC-C2J3...

9CVSS7.2AI score0.97337EPSS
Exploits2
nvd
nvd
added 2020/05/22 2:15 p.m.15 views

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...

9CVSS8.8AI score0.97337EPSS
Exploits2References9
cve
cve
added 2020/05/22 1:27 p.m.1064 views

CVE-2020-1956

Apache Kylin CVE-2020-1956 affects 2.3.0 and releases up to 2.6.5 and 3.0.1, where REST APIs concatenate user input into OS commands, enabling likely remote code execution with high impact. Connected documents confirm vulnerable versions and the underlying command injection in the REST layer; som...

9CVSS8.6AI score0.97337EPSS
In wildExploits2References9Affected Software1
Rows per page
Query Builder