Back to search
CVE-2020-1956
Published: May 22, 2020
Modified: Oct 21, 2025
PUBLISHED
Description
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
| Vendor | Product | Versions |
|---|---|---|
Apache | Kylin | affected 2.3.0affected <=2.6.5affected <=3.0.1 |
References
[kylin-user] 20200713 [SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability
mailing-list
x_refsource_MLIST
[kylin-dev] 20200713 [SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability
mailing-list
x_refsource_MLIST
[kylin-commits] 20200713 svn commit: r1879845 - in /kylin/site: docs/security.html feed.xml
mailing-list
x_refsource_MLIST
[announce] 20200713 [SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20200714 [SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability
mailing-list
x_refsource_MLIST
[kylin-commits] 20200715 svn commit: r1879879 - in /kylin/site: docs/security.html feed.xml
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now