Lucene search
Veracode Vulnerability DatabaseVERACODE:33540HistoryJan 07, 2022 - 4:22 a.m.
Privilege Escalation
2022-01-0704:22:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.004 Low
EPSS
Percentile
72.7%
kylin-server-base is vulnerable to privilege escalation. The vulnerability exists in the setParam function in QueryService.java, allowing an attacker to load any class through the Class.forName function.
References
www.openwall.com/lists/oss-security/2022/01/06/4
github.com/advisories/GHSA-q656-g2x3-8cgh
github.com/apache/kylin/commit/e30ea70b7206ec7b1ef052ab5b904ec5344b1d4c
github.com/apache/kylin/pull/1695
github.com/apache/kylin/pull/1763
lists.apache.org/thread/hh5crx3yr701zd8wtpqo1mww2rlkvznw
www.openwall.com/lists/oss-security/2022/01/06/4
Related
osv
osv
CVE-2021-31522
2022-01-06 13:15:08
Kylin can receive user input and load any class through Class.forName(...).
2022-01-08 00:43:01
cvelist
cvelist
CVE-2021-31522 Apache Kylin unsafe class loading
2022-01-06 12:35:18
nvd
nvd
CVE-2021-31522
2022-01-06 13:15:08
cve
cve
CVE-2021-31522
2022-01-06 13:15:08
cnvd
cnvd
Apache Kylin Input Validation Error Vulnerability
2022-01-10 00:00:00
prion
prion
Design/Logic Flaw
2022-01-06 13:15:00
github
github
Kylin can receive user input and load any class through Class.forName(...).
2022-01-08 00:43:01