org.apache.kylin:kylin-query (=4.0.0-alpha), org.apache.kylin:kylin-spark-engine (=4.0.0-alpha) +4 more potentially affected by CVE-2025-30067 via org.apache.kylin:kylin-datasource-sdk (=4.0.0-alpha)

org.apache.kylin:kylin-datasource-sdk MAVEN version =4.0.0-alpha is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.kylin:kylin-datasource-sdk and may be impacted: - org.apache.kylin:kylin-query =4.0.0-alpha - org.apache.kylin:kylin-spark-engin...

Remote Code Execution (RCE)

org.apache.kylin:kylin-datasource-sdk is vulnerable to remote code execution. A remote attacker is able to inject and execute malicious code from a hacker-controlled malicious MySQL server within Kylin server processes because the library allows users to read data from other database systems usin...