org.apache.kylin:kylin-core-common

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.kylin:kylin-core-commonpage 1 of 1

CVE-2020-1956HIGHCVSS 8.8EG 9.0⚠ KEV✓ Fixed in 3.0.2
2020-05-22
vulnerable: 3.0.0, 3.0.1
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
CVE-2022-24697CRITICALCVSS 9.8EG 9.8✓ Fixed in 4.0.2
2022-10-13
vulnerable: 1.5.0 ... 4.0.1 (39 versions)
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- …
CVE-2023-29055HIGHCVSS 7.5EG 7.5✓ Fixed in 4.0.4
2024-01-29
vulnerable: 2.0.0 ... 4.0.3 (33 versions)
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protoc…

Check whether org.apache.kylin:kylin-core-common is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.kylin:kylin-core-common CVEs against the assets you own.

Start Free Scan →