kylin-server-base is vulnerable to SQL injection. When building new segments, SQL statements are assembled by string concatenation and executed in the CLI or beeline, so an attacker who can overwrite system configurations via the REST APIs can inject and execute arbitrary SQL statements.

CPE Name | Operator | Version
---|---|---
apache kylin - rest server base | le | 2.5.2
apache kylin - rest server base | le | 3.0.2
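
The concatenation pattern described above, next to a checked form that refuses any configuration value that is not a plain identifier. This is an added example, not Kylin's code: the class, the methods, the `intermediate.database` key and the sample statements are all hypothetical and constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration; class, method and key names are hypothetical, not Kylin's code.
public class SegmentSqlBuilder {
    // Accept only identifier-shaped values: letters, digits, underscore.
    private static final Pattern IDENTIFIER =
            Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,127}");

    // Pattern from the description: a configuration value is pasted into the
    // statement text that is later handed to the CLI or beeline.
    static String buildUnsafe(Map<String, String> config, String table) {
        return "USE " + config.get("intermediate.database") + ";\n"
             + "DROP TABLE IF EXISTS " + table + ";";
    }

    // Checked form: every value that becomes statement text must be a plain
    // identifier; anything else aborts the build instead of being executed.
    static String buildChecked(Map<String, String> config, String table) {
        String db = requireIdentifier("intermediate.database",
                config.get("intermediate.database"));
        String tbl = requireIdentifier("table", table);
        return "USE " + db + ";\nDROP TABLE IF EXISTS " + tbl + ";";
    }

    static String requireIdentifier(String name, String value) {
        if (value == null || !IDENTIFIER.matcher(value).matches()) {
            throw new IllegalArgumentException("rejected value for " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        Map<String, String> config = new LinkedHashMap<>();
        config.put("intermediate.database", "default"); // constructed value
        System.out.println(buildChecked(config, "kylin_intermediate_seg1"));

        // Constructed override that carries a statement separator.
        config.put("intermediate.database", "default; SHOW TABLES");
        // The unsafe builder emits the extra statement as part of the script.
        System.out.println(buildUnsafe(config, "kylin_intermediate_seg1"));
        try {
            buildChecked(config, "kylin_intermediate_seg1");
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Validating at the point where the statement is built covers values that arrive through any path, including configuration overwritten after startup.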