Moderate severityNVD Advisory· Published Jan 6, 2022· Updated Aug 4, 2024
Mysql JDBC Connector Deserialize RCE
CVE-2021-36774
Description
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.kylin:kylinMaven | < 3.1.3 | 3.1.3 |
Affected products
2- Apache Software Foundation/Apache Kylinv5Range: Apache Kylin 2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-5429-pjww-7675ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-36774ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/01/06/5ghsamailing-listx_refsource_MLISTWEB
- github.com/apache/kylin/pull/1646ghsaWEB
- lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2owghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.