CVE-2021-45457
maven/org.apache.kylin/kylin
Insufficiently Protected Credentials
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.
All versions starting from 2.0.0 up to 2.6.6, all versions starting from 3.0.0 before 3.1.3, version 4.0.0
Upgrade to versions 3.1.3, 4.0.1 or above.
2022-01-14
source |