CVE-2020-1937

Published: Feb 24, 2020
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1937" target="_blank" rel="noopener"> CVE-2020-1937
GHSA: <a href="https://github.com/advisories/GHSA-7hmh-8gwv-mfvq" target="_blank" rel="noopener"> GHSA-7hmh-8gwv-mfvq
Severity: High
Exploit:

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
apache / kylin	2.6.0	2.6.4.x
apache / kylin	2.5.0	2.5.2.x
apache / kylin	2.4.0	2.4.1.x
apache / kylin	2.3.0	2.3.2.x
apache / kylin	3.0.0-alpha	3.0.0-alpha.x
apache / kylin	3.0.0-alpha2	3.0.0-alpha2.x
apache / kylin	3.0.0-beta	3.0.0-beta.x
apache / kylin	3.0.0	3.0.0.x
org.apache.kylin / kylin-server-base	-	2.6.5
org.apache.kylin / kylin-server-base	3.0.0	3.0.0.x
org.apache.kylin / kylin-server-base	3.0.0	3.0.1

Vulnerability Database