CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.1:*:*:*:*:*:*:*

Information

Published : 2020-05-22 07:15

Updated : 2020-07-15 03:15


NVD link : CVE-2020-1956

Mitre link : CVE-2020-1956


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

apache

  • kylin