Identifier

CVE-2020-13925

Package Slug

maven/org.apache.kylin/kylin

Vulnerability

OS Command Injection

Description

Similar to CVE-2020-1956, Kylin has one more RESTful API that concatenates API inputs into OS commands and executes them on the server. The reported API lacks the necessary input validation, which makes it possible for attackers to execute OS commands remotely.

Affected Versions

All versions starting from 2.3.0 before 3.1.0

Solution

Upgrade to version 3.1.0 or above.

Last Modified

2020-07-23
