CVE-2021-36774

Source
https://cve.org/CVERecord?id=CVE-2021-36774
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36774.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-36774
Aliases
Published
2022-01-06T13:15:08.080Z
Modified
2026-03-14T11:02:45.286917Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.

References

Affected packages

Git / github.com/apache/kylin

Affected ranges

Type
GIT
Repo
https://github.com/apache/kylin
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.6.6"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.1.2"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36774.json"