CVE-2020-1937

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.