Max CVSS 10.0 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-13925 10.0
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibili
21-07-2020 - 19:41 14-07-2020 - 13:15
CVE-2020-13926 7.5
Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is pos
21-07-2020 - 19:33 14-07-2020 - 13:15
CVE-2020-1937 4.0
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
15-07-2020 - 10:15 24-02-2020 - 21:15
CVE-2020-1956 9.0
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
15-07-2020 - 10:15 22-05-2020 - 14:15
Back to Top Mark selected
Back to Top