CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
Configurations

Configuration 1

cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*

Information

Published : 2020-05-22 02:15

Updated : 2020-07-15 10:15


NVD link : CVE-2020-1956

Mitre link : CVE-2020-1956

Products Affected
No products.
CWE