org.apache.kylin:kylin-core-common is vulnerable to command injection. In DiagnosisService, the value that is checked does not match the value that is used as the shell command argument, so a remote attacker is able to pass an illegal project name, resulting in arbitrary command injection.
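
The check/use mismatch described above, shown beside a hardened form; this is an added illustration, not Kylin's code. The class and method names, the `diag.sh` script name, the lossy lookup, the allow-list pattern and the sample project registry are all assumptions constructed for the example.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

public class DiagCommand {
    // Assumed allow-list for project names; not taken from Kylin.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_]{1,50}");
    // Constructed registry: lookup key -> canonical stored name.
    private static final Map<String, String> PROJECTS = Map.of("sales", "Sales");

    // Hypothetical lossy lookup: only the text before the first space is matched.
    static String lookup(String requested) {
        String key = requested.split(" ", 2)[0].toLowerCase(Locale.ROOT);
        return PROJECTS.get(key);
    }

    // Flawed: the check passes on the looked-up project, but the raw
    // request value is what gets concatenated into the shell command line.
    static String flawed(String requested) {
        if (lookup(requested) == null) throw new IllegalArgumentException("unknown project");
        return "diag.sh -project " + requested; // later run through a shell
    }

    // Hardened: validate the raw value, then use only the canonical name from
    // the registry, as one argv element with no shell involved.
    static List<String> hardened(String requested) {
        if (!SAFE.matcher(requested).matches()) throw new IllegalArgumentException("illegal project name");
        String canonical = PROJECTS.get(requested.toLowerCase(Locale.ROOT));
        if (canonical == null) throw new IllegalArgumentException("unknown project");
        return List.of("diag.sh", "-project", canonical); // pass to new ProcessBuilder(argv)
    }

    public static void main(String[] args) {
        String odd = "sales ; extra"; // constructed input with shell metacharacters
        System.out.println("flawed   -> " + flawed(odd));
        System.out.println("hardened -> " + hardened("Sales"));
        try {
            hardened(odd);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened rejects: " + e.getMessage());
        }
    }
}
```
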
CPE

Name | Operator | Version
---|---|---
apache kylin - core common | eq | 4.0.0