CVE-2021-36774
Summary
| CVE | CVE-2021-36774 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-06 13:15:00 UTC |
| Updated | 2023-08-08 14:22:00 UTC |
| Description | Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE | MLIST | www.openwall.com | |
| lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | MISC | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: jinchen sheng <[email protected]>
There are currently no legacy QID mappings associated with this CVE.