
18 matches found

Snyk
added 2025/10/02 12:31 p.m., 2 views

Authentication Bypass Using an Alternate Path or Channel

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint t...

CVSS 9.3 | AI score 7 | EPSS 0.01224
Exploits: 0 | References: 2
Snyk
added 2025/10/02 12:31 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted...

CVSS 7.3 | AI score 6.9 | EPSS 0.00499
Exploits: 0 | References: 2
vulnersOsv
added 2025/10/02 12:31 p.m., 6 views

org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61735 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)

org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61735 Source advisory: OSV:GHSA-F6M8-QM7J-FH65...

CVSS 7.3 | AI score 5.8 | EPSS 0.00499
Exploits: 0
vulnersOsv
added 2025/10/02 12:31 p.m., 7 views

org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61733 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)

org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61733 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181893...

CVSS 7.5 | AI score 5.8 | EPSS 0.01224
Exploits: 0
vulnersOsv
added 2025/10/02 12:31 p.m., 6 views

org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61735 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)

org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61735 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181847...

CVSS 7.3 | AI score 5.8 | EPSS 0.00499
Exploits: 0
vulnersOsv
added 2025/10/02 12:31 p.m., 6 views

org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61734 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)

org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61734 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181860...

CVSS 7.5 | AI score 5.8 | EPSS 0.01251
Exploits: 0
vulnersOsv
added 2025/10/02 12:31 p.m., 6 views

org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61734 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)

org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61734 Source advisory: OSV:GHSA-P86W-W5RH-M3HX...

CVSS 7.5 | AI score 5.8 | EPSS 0.01251
Exploits: 0
Snyk
added 2025/10/02 12:31 p.m., 4 views

Files or Directories Accessible to External Parties

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests...

CVSS 7.5 | AI score 6.7 | EPSS 0.01251
Exploits: 0 | References: 2
vulnersOsv
added 2025/10/02 12:31 p.m., 6 views

org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61733 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)

org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61733 Source advisory: OSV:GHSA-MR9J-4J48-XCM2...

CVSS 7.5 | AI score 5.8 | EPSS 0.01224
Exploits: 0
vulnersOsv
added 2025/03/27 3:31 p.m., 6 views

org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.0-beta), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-30067 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.0)

org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-30067 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-9538803...

CVSS 7.2 | AI score 5.8 | EPSS 0.00815
Exploits: 0
Snyk
added 2025/03/27 3:31 p.m., 3 views

Arbitrary Code Injection

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain...

CVSS 7.2 | AI score 8.2 | EPSS 0.00815
Exploits: 0 | References: 2
Snyk
added 2025/03/27 3:31 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint ...

CVSS 6.5 | AI score 7 | EPSS 0.00577
Exploits: 0 | References: 2
vulnersOsv
added 2025/03/27 3:31 p.m., 7 views

org.apache.kylin:kylin-engine-build-sdk (=5.0.0) potentially affected by CVE-2024-48944 via org.apache.kylin:kylin-core-common (=5.0.0)

org.apache.kylin:kylin-core-common MAVEN version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.kylin:kylin-core-common and may be impacted: - org.apache.kylin:kylin-engine-build-sdk =5.0.0 Source cves: CVE-2024-48944 Source advisory...

CVSS 6.5 | AI score 5.8 | EPSS 0.00577
Exploits: 0
vulnersOsv
added 2024/01/29 3:30 p.m., 5 views

org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=2.0.0 <=4.0.0-alpha) +22 more potentially affected by CVE-2023-29055 via org.apache.kylin:kylin-core-common (>=2.0.0 <=4.0.0-alpha)

org.apache.kylin:kylin-core-common MAVEN version =2.0.0, =2.6.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.3.2, =2.0.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2023-29055 Source advisory:...

CVSS 7.5 | AI score 7.1 | EPSS 0.01149
Exploits: 0
vulnersOsv
added 2023/07/06 7:24 p.m., 5 views

org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=1.5.0 <=4.0.0-alpha) +23 more potentially affected by CVE-2022-24697 via org.apache.kylin:kylin-core-common (>=1.5.0 <=4.0.0-alpha)

org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2022-24697 Source advisory:...

CVSS 9.8 | AI score 7.2 | EPSS 0.84777
Exploits: 0
vulnersOsv
added 2020/07/27 10:51 p.m., 6 views

org.apache.kylin:kylin-cache (>=3.0.0 <=3.0.1), org.apache.kylin:kylin-core-cube (>=3.0.0 <=3.0.1) +14 more potentially affected by CVE-2020-1956 via org.apache.kylin:kylin-core-common (>=3.0.0 <=3.0.1)

org.apache.kylin:kylin-core-common MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2020-1956 Source advisory: OSV:GHSA-GPRM-XQRC-C2J3...

CVSS 9 | AI score 7.2 | EPSS 0.9796
Exploits: 2
vulnersOsv
added 2020/07/27 10:51 p.m., 8 views

org.apache.kylin:kylin-cache (>=2.6.0 <=2.6.5), org.apache.kylin:kylin-core-cube (>=1.5.0 <=2.6.5) +16 more potentially affected by CVE-2020-1956 via org.apache.kylin:kylin-core-common (>=1.5.0 <=2.6.5)

org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =2.6.5 - org.apache.kylin:kylin-tool =1.5.1 and more Source cves: CVE-2020-1956 Source advisory: OSV:GHSA-GPRM-XQRC-C2J3...

CVSS 9 | AI score 7.2 | EPSS 0.9796
Exploits: 2
Veracode
added 2020/07/16 6:10 a.m., 20 views

OS Command Injection

kylin-core-common is vulnerable to OS command injection. The vulnerability exists as it uses a regular expression which provided insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed...

CVSS 9.8 | AI score 6.4 | EPSS 0.19859
Exploits: 0 | References: 4 | Affected Software: 1