QID 980739

QID 980739: Java (maven) Security Update for org.apache.kylin:kylin-server-base (GHSA-qwfw-gxx2-mmv2)

Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0.

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as Critical - 10 severity.

Solution

Customers are advised to refer to GHSA-qwfw-gxx2-mmv2 for updates pertaining to this vulnerability.

Vendor References

GHSA-qwfw-gxx2-mmv2 - github.com/advisories/GHSA-qwfw-gxx2-mmv2

CVEs related to QID 980739

CVE-2020-13925 |

Software Advisories

Advisory ID	Software	Component	Link
GHSA-qwfw-gxx2-mmv2	org.apache.kylin:kylin-server-base		github.com/advisories/GHSA-qwfw-gxx2-mmv2

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].