CVE-2021-45457

Insufficiently Protected Credentials in maven/org.apache.kylin/kylin

Identifiers

CVE-2021-45457

Package Slug

maven/org.apache.kylin/kylin

Vulnerability

Insufficiently Protected Credentials

Description

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.

Affected Versions

All versions starting from 2.0.0 up to 2.6.6, all versions starting from 3.0.0 before 3.1.3, version 4.0.0

Solution

Upgrade to versions 3.1.3, 4.0.1 or above.

Last Modified

2022-01-14

source