| Max CVSS | 10.0 | Min CVSS | 6.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-1937 | 6.5 |
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
|
30-12-2021 - 20:56 | 24-02-2020 - 21:15 | |
| CVE-2020-13925 | 10.0 |
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibili
|
21-07-2020 - 19:41 | 14-07-2020 - 13:15 | |
| CVE-2020-13926 | 7.5 |
Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is pos
|
21-07-2020 - 19:33 | 14-07-2020 - 13:15 | |
| CVE-2020-1956 | 9.0 |
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
|
15-07-2020 - 10:15 | 22-05-2020 - 14:15 |