Lucene search
Veracode Vulnerability DatabaseVERACODE:25895HistoryJul 16, 2020 - 6:10 a.m.
OS Command Injection
2020-07-1606:10:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.004 Low
EPSS
Percentile
75.3%
kylin-core-common is vulnerable to OS command injection. The vulnerability exists as it uses a regular expression which provided insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache kylin - core common | le | 3.0.2 |
References
github.com/apache/kylin/commit/335d61b62517006d7e7b55638bb6fd305dffbea1
lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E
Related
githubexploit
githubexploit
Exploit for OS Command Injection in Apache Kylin
2020-07-20 10:38:14
checkpoint_advisories
checkpoint_advisories
Apache Kylin Command Injection (CVE-2020-13925)
2020-07-28 00:00:00
attackerkb
attackerkb
CVE-2020-1956
2020-05-22 00:00:00
CVE-2020-13925
2020-07-14 00:00:00
cvelist
cvelist
CVE-2020-13925
2020-07-14 12:47:46
github
github
Command Injection in Kylin
2020-07-27 22:51:37
nvd
nvd
CVE-2020-13925
2020-07-14 13:15:11
prion
prion
Input validation
2020-07-14 13:15:00
osv
osv
CVE-2020-13925
2020-07-14 13:15:00
Command Injection in Kylin
2020-07-27 22:51:37
cve
cve
CVE-2020-13925
2020-07-14 13:15:11