CVE-2022-44621: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The Diagnosis Controller lacks parameter validation, so a user may be attacked by command injection via an HTTP request.
References
- github.com/advisories/GHSA-w9rv-xmf7-x3gh
- github.com/apache/kylin/commit/fd2977e21c51f1afed668f2d9713cf562f2dc42d
- github.com/apache/kylin/pull/2011
- github.com/apache/kylin/pull/2011/commits/418a63c61379d429312972fc94b87994e06b664f
- lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
- nvd.nist.gov/vuln/detail/CVE-2022-44621