'[oss-security] CVE-2022-44621: Apache Kylin: Command injection by Diagnosis Controller'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-44621: Apache Kylin: Command injection by Diagnosis Controller
From:       Xiaoxiang Yu <xxyu () apache ! org>
Date:       2022-12-30 7:15:23
Message-ID: 20b7e5b0-8c9d-fdf0-8346-6ccd5b721b29 () apache ! org
[Download RAW message or body]

Severity: important

Description:

Diagnosis Controller miss parameter validation, so user may attacked by command injection via \
HTTP Request.

Work Arounds:

Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch  \
https://github.com/apache/kylin/pull/2011 https://github.com/apache/kylin/pull/2011

Credit:

Messy God <godimessy@gmail.com> (finder)

References:

https://kylin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-44621

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic