You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kylin.apache.org by Xiaoxiang Yu <xx...@apache.org> on 2022/12/30 07:15:23 UTC
CVE-2022-44621: Apache Kylin: Command injection by Diagnosis Controller
Severity: important
Description:
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
Work Arounds:
Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch https://github.com/apache/kylin/pull/2011 https://github.com/apache/kylin/pull/2011
Credit:
Messy God <go...@gmail.com> (finder)
References:
https://kylin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-44621