Maven package
org.apache.kylin/kylin-common-server
pkg:maven/org.apache.kylin/kylin-common-server
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61735 | — | >= 4.0.0, < 5.0.3 | 5.0.3 | Oct 2, 2025 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the | ||
| CVE-2025-61734 | — | >= 4.0.0, < 5.0.3 | 5.0.3 | Oct 2, 2025 | Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0. | ||
| CVE-2024-48944 | — | >= 5.0.0, < 5.0.2 | 5.0.2 | Mar 27, 2025 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin a |
- CVE-2025-61735Oct 2, 2025affected >= 4.0.0, < 5.0.3fixed 5.0.3
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the
- CVE-2025-61734Oct 2, 2025affected >= 4.0.0, < 5.0.3fixed 5.0.3
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.
- CVE-2024-48944Mar 27, 2025affected >= 5.0.0, < 5.0.2fixed 5.0.2
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin a