GHSA-7hmh-8gwv-mfvq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7hmh-8gwv-mfvq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-7hmh-8gwv-mfvq/GHSA-7hmh-8gwv-mfvq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7hmh-8gwv-mfvq
- Aliases
- Published
- 2020-07-27T22:51:47Z
- Modified
- 2023-11-08T04:02:46.239064Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- SQL Injection in Kylin
- Details
-
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
- Database specific
{ "nvd_published_at": "2020-02-24T21:15:00Z", "github_reviewed_at": "2020-07-27T22:50:42Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-89" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-1937
- https://github.com/apache/kylin/commit/e373c64c96a54a7abfe4bccb82e8feb60db04749
- https://github.com/apache/kylin
- https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
- https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0@%3Ccommits.kylin.apache.org%3E
- https://lists.apache.org/thread.html/rc574fef23740522f62ab3bbda4f6171be98aa7a25f3f54be143a80a8%40%3Cuser.kylin.apache.org%3E
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-552148
Affected packages
Maven / org.apache.kylin:kylin-server-base
Package
- Name
- org.apache.kylin:kylin-server-base
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.kylin/kylin-server-base
Maven / org.apache.kylin:kylin-server-base
Package
- Name
- org.apache.kylin:kylin-server-base
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.kylin/kylin-server-base