Severity: Important Vendor: The Apache Software Foundation
Versions Affected: Kylin 2.3.0 to 2.3.2 Kylin 2.4.0 to 2.4.1 Kylin 2.5.0 to 2.5.2 Kylin 2.6.0 to 2.6.4 Kylin 3.0.0-alpha, Kylin 3.0.0-alpha2, Kylin 3.0.0-beta, Kylin 3.0.0 Description: Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries. Mitigation: Users should upgrade to 3.0.1 or 2.6.5 Credit: This issue was discovered by Jonathan Leitschuh References: https://kylin.apache.org/docs/security.html --------------------- Best regards, Ni Chunen / George
