7 matches found
CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...
Apache Kylin 2.3.x < 2.3.3 / 2.4.x < 2.4.2 / 2.5.x < 2.5.3 / 2.6.x < 2.6.6 / 3.x < 3.0.2 Command Injection (CVE-2020-1956)
The instance of Apache Kylin running on the remote host is 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.2, 2.5.x prior to 2.5.3, 2.6.x prior to 2.6.6 or 3.x prior to 3.0.2. Therefore, it is affected by a command injection vulnerability due to some restful APIs concatenating OS commands with user inpu...
Apache Kylin Remote Code Execution (CVE-2020-1956)
A command execution vulnerability exists in Apache kylin 2.3.2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-1956
creationtimestamp| type| source ---|---|--- 2020-10-09 13:36:17+00:00| seen| MISP/e439b884-82c9-422e-bee5-4425a48da4c3 2020-10-15 15:07:04+00:00| seen| MISP/cbd9bbb3-3f53-4610-9d91-9191ff0a9ca8 2020-10-16 06:55:52+00:00| seen| MISP/25aef508-b116-4d75-84b2-b6ceff906e44 2021-09-21 06:42:52+00:00|...
org.apache.kylin:kylin-cache (>=2.6.0 <=2.6.5), org.apache.kylin:kylin-core-cube (>=1.5.0 <=2.6.5) +16 more potentially affected by CVE-2020-1956 via org.apache.kylin:kylin-core-common (>=1.5.0 <=2.6.5)
org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =2.6.5 - org.apache.kylin:kylin-tool =1.5.1 and more Source cves: CVE-2020-1956 Source advisory: OSV:GHSA-GPRM-XQRC-C2J3...
CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...
CVE-2020-1956
Apache Kylin CVE-2020-1956 affects 2.3.0 and releases up to 2.6.5 and 3.0.1, where REST APIs concatenate user input into OS commands, enabling likely remote code execution with high impact. Connected documents confirm vulnerable versions and the underlying command injection in the REST layer; som...