CVE-2020-1937: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

July 27, 2020 (updated September 22, 2021)

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

References

github.com/advisories/GHSA-7hmh-8gwv-mfvq
github.com/apache/kylin/commit/e373c64c96a54a7abfe4bccb82e8feb60db04749
nvd.nist.gov/vuln/detail/CVE-2020-1937

Detect and mitigate CVE-2020-1937 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →