|Max CVSS||10.0||Min CVSS||4.0||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibili
|21-07-2020 - 19:41||14-07-2020 - 13:15|
Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is pos
|21-07-2020 - 19:33||14-07-2020 - 13:15|
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
|15-07-2020 - 10:15||24-02-2020 - 21:15|
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
|15-07-2020 - 10:15||22-05-2020 - 14:15|