Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Veracode
Veracodeadded 2022/01/07 2:15 p.m.22 views

Command Injection

org.apache.kylin:kylin-core-common is vulnerable to command injection. A remote attacker is able to pass an illegal project name due to a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService resulting in arbitrary command injection...

9.8CVSS4.1AI score0.88614EPSS
Exploits0References5Affected Software1
CNVD
CNVDadded 2022/01/07 12:0 a.m.23 views

Apache Kylin OS Command Injection Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark. Apache kylin is vulnerable to operating system command injection, which stems from the fact tha...

9.8CVSS2.6AI score0.88614EPSS
Exploits0References1
Prion
Prionadded 2022/01/06 1:15 p.m.19 views

Command injection

Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass...

7.5CVSS9.8AI score0.88614EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder