CVE-2020-1937

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-1937
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1937.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1937
Aliases
Published
2020-02-24T21:15:16.767Z
Modified
2026-04-10T04:24:06.309174Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

References

Affected packages

Git / github.com/apache/kylin

Affected ranges

Type
GIT
Repo
https://github.com/apache/kylin
Events
Introduced
1179ee72d0a2a2c629a649751ef43ae9e82dc87a
Last affected
8247ffc2d8a8a20381575389ffb3834d784ad4ce
Introduced
b450cc52f976ddafba7c6625d2440670af94332b
Last affected
5606c32e236b4443ca81eb15a575c46b87e3868c
Introduced
158f8768debe99746c66e516e4596707a476d7d6
Last affected
0e519d859e217fbfadd534313376e532d2c647fa
Introduced
8737bc1f555a2789a67462c8f8420b6ab3be97ce
Last affected
97505df25a1c9223fe650b00343722a7cee78ffb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c75242a9b55fd57a3a58d92a2dfa9f21cfe4eebc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8872e28de06b05b11a423f32ff62a5d00ed84813
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c11034fbff25eb298617980f48b300314af471d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9d523862f29920292ab195b31c231f2f57f18594
Database specific 
{
    "versions": [
        {
            "introduced": "2.3.0"
        },
        {
            "last_affected": "2.3.2"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.1"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "last_affected": "2.5.2"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "last_affected": "2.6.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-beta"
        }
    ]
}

Affected versions

kylin-2.*
kylin-2.3.0
kylin-2.3.1
kylin-2.3.2
kylin-2.4.1
kylin-2.5.2
kylin-2.6.0
kylin-2.6.4
kylin-3.*
kylin-3.0.0
kylin-3.0.0-alpha
kylin-3.0.0-alpha2
kylin-3.0.0-beta
v0.*
v0.6.1
v0.6.1_mysql_auth

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1937.json"