|Package Slug|| |
OS Command Injection
Similar to CVE-2020-1956, Kylin has one more RESTful API that concatenates API inputs into OS commands and executes them on the server. The reported API lacks the necessary input validation, which makes it possible for attackers to execute OS commands remotely.
|Affected Versions|| |
All versions starting from 2.3.0 before 3.1.0
Upgrade to version 3.1.0 or above.
|Last Modified|| |