Vulnerabilities > Apache > Kylin > 2.4.0

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-13925 OS Command Injection vulnerability in Apache Kylin
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely.
network
low complexity
apache CWE-78
critical
 9.8
9.8
2020-05-22 CVE-2020-1956 OS Command Injection vulnerability in Apache Kylin
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
network
low complexity
apache CWE-78
8.8
8.8
2020-02-24 CVE-2020-1937 SQL Injection vulnerability in Apache Kylin
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
network
low complexity
apache CWE-89
8.8
8.8