Authentication Bypass Using an Alternate Path or Channel
Overview org.apache.kylin:kylin-core-common is a package that is part of Apache Kylin. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint t...
Server-side Request Forgery (SSRF)
Overview org.apache.kylin:kylin-core-common is a package that is part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61735 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61735 Source advisory: OSV:GHSA-F6M8-QM7J-FH65...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61733 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61733 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181893...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61735 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61735 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181847...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61734 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61734 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181860...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61734 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61734 Source advisory: OSV:GHSA-P86W-W5RH-M3HX...
Files or Directories Accessible to External Parties
Overview org.apache.kylin:kylin-core-common is a package that is part of Apache Kylin. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file reads. An attacker can obtain sensitive information by sending crafted requests...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61733 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61733 Source advisory: OSV:GHSA-MR9J-4J48-XCM2...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.0-beta), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-30067 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.0)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-30067 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-9538803...
Arbitrary Code Injection
Overview org.apache.kylin:kylin-core-common is a package that is part of Apache Kylin. Affected versions of this package are vulnerable to Arbitrary Code Injection via alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain...
Server-side Request Forgery (SSRF)
Overview org.apache.kylin:kylin-core-common is a package that is part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint ...
org.apache.kylin:kylin-engine-build-sdk (=5.0.0) potentially affected by CVE-2024-48944 via org.apache.kylin:kylin-core-common (=5.0.0)
org.apache.kylin:kylin-core-common MAVEN version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.kylin:kylin-core-common and may be impacted: - org.apache.kylin:kylin-engine-build-sdk =5.0.0 Source cves: CVE-2024-48944 Source advisory...
org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=2.0.0 <=4.0.0-alpha) +22 more potentially affected by CVE-2023-29055 via org.apache.kylin:kylin-core-common (>=2.0.0 <=4.0.0-alpha)
org.apache.kylin:kylin-core-common MAVEN version =2.0.0, =2.6.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.3.2, =2.0.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2023-29055 Source advisory:...
org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=1.5.0 <=4.0.0-alpha) +23 more potentially affected by CVE-2022-24697 via org.apache.kylin:kylin-core-common (>=1.5.0 <=4.0.0-alpha)
org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2022-24697 Source advisory:...
org.apache.kylin:kylin-cache (>=3.0.0 <=3.0.1), org.apache.kylin:kylin-core-cube (>=3.0.0 <=3.0.1) +14 more potentially affected by CVE-2020-1956 via org.apache.kylin:kylin-core-common (>=3.0.0 <=3.0.1)
org.apache.kylin:kylin-core-common MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2020-1956 Source advisory: OSV:GHSA-GPRM-XQRC-C2J3...
org.apache.kylin:kylin-cache (>=2.6.0 <=2.6.5), org.apache.kylin:kylin-core-cube (>=1.5.0 <=2.6.5) +16 more potentially affected by CVE-2020-1956 via org.apache.kylin:kylin-core-common (>=1.5.0 <=2.6.5)
org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =2.6.5 - org.apache.kylin:kylin-tool =1.5.1 and more Source cves: CVE-2020-1956 Source advisory: OSV:GHSA-GPRM-XQRC-C2J3...
OS Command Injection
kylin-core-common is vulnerable to OS command injection. The vulnerability exists because it uses a regular expression that provides an insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed...