2.6.6

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-14	CVE-2020-13925	OS Command Injection vulnerability in Apache Kylin Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. network low complexity apache CWE-78 critical	9.8