CVE-2021-31522
published 2022-01-06CVE-2021-31522: Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | kylin | — | — |
| apache | kylin | 2.0.0 – 2.6.6 | — |
| apache | kylin | >= 3.0.0 < 3.1.3 | 3.1.3 |
| apache_software_foundation | apache_kylin | Apache Kylin 2 – 2.6.6 | — |
| apache_software_foundation | apache_kylin | Apache Kylin 3 – 3.1.2 | — |
| apache_software_foundation | apache_kylin | Apache Kylin 4 – 4.0.0 | — |