Vulnerabilities > Apache > Kylin > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-30 | CVE-2022-44621 | Command Injection vulnerability in Apache Kylin Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request. | 9.8 |
| 2022-10-13 | CVE-2022-24697 | OS Command Injection vulnerability in Apache Kylin Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | 9.8 |
| 2022-01-06 | CVE-2021-45456 | Command Injection vulnerability in Apache Kylin 4.0.0 Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. | 9.8 |
| 2022-01-06 | CVE-2021-31522 | Unsafe Reflection vulnerability in Apache Kylin Kylin can receive user input and load any class through Class.forName(...). | 9.8 |
| 2020-07-14 | CVE-2020-13925 | OS Command Injection vulnerability in Apache Kylin Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. | 9.8 |
| 2020-07-14 | CVE-2020-13926 | SQL Injection vulnerability in Apache Kylin Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. | 9.8 |