CVE-2020-1937

CVSS v3.1 8.8 (High)

CVSS v2.0 6.5 (Medium)

EPSS 0.26 % (66^th)

Affected Products 1

Advisories 1

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

Weaknesses

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2020-02-24 21:15:16
(4 years ago)
Updated Date: 2023-11-07 03:19:36
(10 months ago)

Affected Products

Apache

Kylin

Configuration #1

		CPE23	From	Up To
	Apache Kylin from 2.3.0 version and 2.3.2 and prior versions	cpe:2.3:a:apache:kylin	>= 2.3.0	<= 2.3.2
	Apache Kylin from 2.4.0 version and 2.4.1 and prior versions	cpe:2.3:a:apache:kylin	>= 2.4.0	<= 2.4.1
	Apache Kylin from 2.5.0 version and 2.5.2 and prior versions	cpe:2.3:a:apache:kylin	>= 2.5.0	<= 2.5.2
	Apache Kylin from 2.6.0 version and 2.6.4 and prior versions	cpe:2.3:a:apache:kylin	>= 2.6.0	<= 2.6.4
	Apache Kylin 3.0.0	cpe:2.3:a:apache:kylin:3.0.0:-
	Apache Kylin 3.0.0 Alpha	cpe:2.3:a:apache:kylin:3.0.0:alpha
	Apache Kylin 3.0.0 Alpha2	cpe:2.3:a:apache:kylin:3.0.0:alpha2
	Apache Kylin 3.0.0 Beta	cpe:2.3:a:apache:kylin:3.0.0:beta