org.apache.kylin:kylin-datasource-sdk is vulnerable to remote code execution. A remote attacker is able to inject and execute malicious code from a hacker-controlled malicious MySQL server within Kylin server processes because the library allows users to read data from other database systems using JDBC.