Maven package
org.apache.kylin/kylin-spark-project
pkg:maven/org.apache.kylin/kylin-spark-project
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24697 | — | < 4.0.2 | 4.0.2 | Oct 13, 2022 | Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system comma |
- CVE-2022-24697Oct 13, 2022affected < 4.0.2fixed 4.0.2
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system comma