CVE-2020-1937 — SQL Injection in Apache Kylin

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

6.6%

top 8.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Kylin Apache Kylin

Timeline

PublishedFeb 24

Latest updateJul 27

Description

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDapache/kylin2.3.0 — 2.3.2+4

▶CVEListV5apache/apache_kylin8 versions+7

🔴Vulnerability Details

GHSA

SQL Injection in Kylin↗2020-07-27

▶

OSV

SQL Injection in Kylin↗2020-07-27

▶

CVEList

CVE-2020-1937: Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries↗2020-02-24

▶