2 matches found
org.apache.kylin:kylin-cache (>=2.6.0 <=2.6.5), org.apache.kylin:kylin-core-cube (>=1.5.0 <=2.6.5) +16 more potentially affected by CVE-2020-1956 via org.apache.kylin:kylin-core-common (>=1.5.0 <=2.6.5)
org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =2.6.5 - org.apache.kylin:kylin-tool =1.5.1 and more Source cves: CVE-2020-1956 Source advisory: OSV:GHSA-GPRM-XQRC-C2J3...
OS Command Injection
kylin-core-common is vulnerable to OS command injection. The vulnerability exists because it uses a regular expression that provides an insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed...