Back to search
CVE-2021-45457
Published: Jan 6, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Kylin | affected Apache Kylin 2 - <= 2.6.6affected Apache Kylin 3 - <= 3.1.2affected Apache Kylin 4 - <= 4.0.0 |
References
https://lists.apache.org/thread/rzv4mq58okwj1n88lry82ol2wwm57q1m
x_refsource_MISC
[oss-security] 20220106 CVE-2021-45457: Apache Kylin: Overly broad CORS configuration
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now