kylin-core-common is vulnerable to OS command injection. The vulnerability exists as it uses a regular expression which provided insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed.
CPE | Name | Operator | Version |
---|---|---|---|
apache kylin - core common | le | 3.0.2 |
github.com/apache/kylin/commit/335d61b62517006d7e7b55638bb6fd305dffbea1
lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E