Vulnerability Database

299,184

Total vulnerabilities in the database

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9
  • AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

Software From Fixed in
apache / kylin 2.5.0 2.5.2.x
apache / kylin 2.3.0 2.3.2.x
apache / kylin 3.0.0-alpha 3.0.0-alpha.x
apache / kylin 3.0.0-alpha2 3.0.0-alpha2.x
apache / kylin 3.0.0-beta 3.0.0-beta.x
apache / kylin 3.0.0 3.0.0.x
apache / kylin 3.0.1 3.0.1.x
apache / kylin 2.6.0 2.6.5.x
Maven icon org.apache.kylin / kylin-core-common - 2.6.6
Maven icon org.apache.kylin / kylin-core-common 3.0.0 3.0.2
apache / kylin 2.4.0 2.4.0.x
apache / kylin 2.4.1 2.4.1.x