Identifier

CVE-2020-13926

Package Slug

maven/org.apache.kylin/kylin

Vulnerability

SQL Injection

Description

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible.

Affected Versions

All versions starting from 2.0.0 before 3.1.0

Solution

Upgrade to version 3.1.0 or above.

Last Modified

2020-07-23

source