Back to search
CVE-2021-36774
Published: Jan 6, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Kylin | affected Apache Kylin 2 - <= 2.6.6affected Apache Kylin 3 - <= 3.1.2 |
References
https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow
x_refsource_MISC
[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now