org.apache.kylin:kylin-server-base (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.kylin:kylin-server-base, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2020-13925 — CVSS 9.8 (critical): Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the…
CVE-2020-13926 — CVSS 9.8 (critical): Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system…
CVE-2022-24697 — CVSS 9.8 (critical): Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites…
CVE-2022-44621 — CVSS 9.8 (critical): Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
CVE-2020-1937 — CVSS 8.8 (high): Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database…