org.apache.kylin:kylin-core-common (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.kylin:kylin-core-common, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2022-24697 — CVSS 9.8 (critical): Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites…
CVE-2023-29055 — CVSS 7.5 (high): In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that…
CVE-2025-61733 — CVSS 7.5 (high): Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through…
CVE-2025-61734 — CVSS 7.5 (high): Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project…
CVE-2025-61735 — CVSS 7.3 (high): Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine…