CVE-2020-1937

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
24/02/2020
Last modified:
07/11/2023

Description

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* 2.3.0 (including) 2.3.2 (including)
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* 2.4.0 (including) 2.4.1 (including)
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* 2.5.0 (including) 2.5.2 (including)
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* 2.6.0 (including) 2.6.4 (including)
cpe:2.3:a:apache:kylin:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:beta:*:*:*:*:*:*