Lucene search
Veracode Vulnerability DatabaseVERACODE:22566HistoryFeb 25, 2020 - 5:04 a.m.
SQL Injection
2020-02-2505:04:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.003 Low
EPSS
Percentile
66.1%
kylin-server-base is vulnerable to SQL injection. User input to some RESTful APIs is not validated and sanitized before being concatenated to SQL queries. This allows an attacker to inject and execute arbitrary SQL statements in the database.
References
kylin.apache.org/docs/security.html
lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0@%3Ccommits.kylin.apache.org%3E
lists.apache.org/thread.html/rc574fef23740522f62ab3bbda4f6171be98aa7a25f3f54be143a80a8%40%3Cuser.kylin.apache.org%3E
Related
nvd
nvd
CVE-2020-1937
2020-02-24 21:15:16
osv
osv
SQL Injection in Kylin
2020-07-27 22:51:47
CVE-2020-1937
2020-02-24 21:15:16
github
github
SQL Injection in Kylin
2020-07-27 22:51:47
githubexploit
githubexploit
Exploit for SQL Injection in Apache Kylin
2021-01-06 13:31:20
prion
prion
Input validation
2020-02-24 21:15:00
cve
cve
CVE-2020-1937
2020-02-24 21:15:16
cvelist
cvelist
CVE-2020-1937
2020-02-24 20:57:52