Back to search
CVE-2021-45456
Published: Jan 6, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Kylin | affected Apache Kylin 4 4.0.0 |
References
https://lists.apache.org/thread/70fkf9w1swt2cqdcz13rwfjvblw1fcpf
x_refsource_MISC
[oss-security] 20220106 CVE-2021-45456: Apache Kylin: Command injection
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now