pkg:maven/org.apache.kylin/kylin
Type
maven
Namespace
org.apache.kylin
Name
kylin
Known advisories, vulnerabilities and fixes for org.apache.kylin/kylin package.
High
3
Moderate
5
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | = 4.0.0-alpha < 3.1.1 |
CVE-2020-13937
|
 MAVEN:GHSA-2HPG-VWQJ-6H6W
|
Authentication bypass in Apache Kylin | moderate |
2022-02-10T20:25:56
(2 years ago) |
|
| Fixed | = 4.0.0-beta = 3.1.1 |
CVE-2020-13937
|
MAVEN:GHSA-2HPG-VWQJ-6H6W
|
Authentication bypass in Apache Kylin | moderate |
2022-02-10T20:25:56
(2 years ago) |
|
| Affected | < 3.1.3 |
CVE-2021-36774
|
MAVEN:GHSA-5429-PJWW-7675
|
SQL Injection in Apache Kylin | moderate |
2022-01-08T00:43:04
(2 years ago) |
|
| Fixed | = 3.1.3 |
CVE-2021-36774
|
MAVEN:GHSA-5429-PJWW-7675
|
SQL Injection in Apache Kylin | moderate |
2022-01-08T00:43:04
(2 years ago) |
|
| Affected | = 4.0.0 < 3.1.3 |
CVE-2021-45458
|
MAVEN:GHSA-9FJ5-JG6F-QG5R
|
Use of Hard-coded Credentials in Apache Kylin | high |
2022-01-08T00:43:09
(2 years ago) |
|
| Fixed | = 4.0.1 = 3.1.3 |
CVE-2021-45458
|
MAVEN:GHSA-9FJ5-JG6F-QG5R
|
Use of Hard-coded Credentials in Apache Kylin | high |
2022-01-08T00:43:09
(2 years ago) |
|
| Affected | >= 2.0.0, < 4.0.3 |
CVE-2022-43396
|
MAVEN:GHSA-F5Q9-J9R2-34GQ
|
Apache Kylin vulnerable to Command injection by Useless configuration | high |
2022-12-30T12:30:25
(20 months ago) |
|
| Fixed | = 4.0.3 |
CVE-2022-43396
|
MAVEN:GHSA-F5Q9-J9R2-34GQ
|
Apache Kylin vulnerable to Command injection by Useless configuration | high |
2022-12-30T12:30:25
(20 months ago) |
|
| Affected | < 4.0.1 |
CVE-2021-45456
|
MAVEN:GHSA-HW3M-8H25-8FRW
|
Command Injection in Apache Kylin | moderate |
2022-01-08T00:42:59
(2 years ago) |
|
| Fixed | = 4.0.1 |
CVE-2021-45456
|
MAVEN:GHSA-HW3M-8H25-8FRW
|
Command Injection in Apache Kylin | moderate |
2022-01-08T00:42:59
(2 years ago) |
|
| Affected | = 4.0.0 < 3.1.3 |
CVE-2021-45457
|
MAVEN:GHSA-MGPF-HHGF-CXG4
|
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. | high |
2022-01-08T00:43:16
(2 years ago) |
|
| Fixed | = 4.0.1 = 3.1.3 |
CVE-2021-45457
|
MAVEN:GHSA-MGPF-HHGF-CXG4
|
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. | high |
2022-01-08T00:43:16
(2 years ago) |
|
| Affected | = 4.0.0 < 3.1.3 |
CVE-2021-31522
|
MAVEN:GHSA-Q656-G2X3-8CGH
|
Kylin can receive user input and load any class through Class.forName(...). | moderate |
2022-01-08T00:43:01
(2 years ago) |
|
| Fixed | = 4.0.1 = 3.1.3 |
CVE-2021-31522
|
MAVEN:GHSA-Q656-G2X3-8CGH
|
Kylin can receive user input and load any class through Class.forName(...). | moderate |
2022-01-08T00:43:01
(2 years ago) |
|
| Affected | < 3.1.3 |
CVE-2021-27738
|
MAVEN:GHSA-WRX7-QGMJ-MF2Q
|
Server-Side Request Forgery in Apache Kylin | moderate |
2022-01-08T00:43:04
(2 years ago) |
|
| Fixed | = 3.1.3 |
CVE-2021-27738
|
MAVEN:GHSA-WRX7-QGMJ-MF2Q
|
Server-Side Request Forgery in Apache Kylin | moderate |
2022-01-08T00:43:04
(2 years ago) |