Hongrong Cao created KYLIN-5706:
-----------------------------------

             Summary: Fix the command line injection vulnerability when generating diagnostic packages through scripts
                 Key: KYLIN-5706
                 URL: https://issues.apache.org/jira/browse/KYLIN-5706
             Project: Kylin
          Issue Type: Bug
    Affects Versions: 5.0-beta
            Reporter: Hongrong Cao
            Assignee: Zhiting Guo
             Fix For: 5.0.0

The diagnostic package will call the command line to execute the shell script through Java, and Kylin does not escape the input from the user and directly splices it into the command line, resulting in command line injection. Therefore, we need to escape the user input that will be spliced into the cmd.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
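
The escaping the issue asks for, as an added example that is not Kylin's code and not part of the original message: it compares raw splicing, POSIX single-quote escaping, and passing the value as its own argument without a shell. The class name, the `printf` stand-in for the diagnostic script, and the input values are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class DiagCommandExample {
    // Stand-in for the diagnostic script (assumption): prints each argument
    // it receives in brackets, so argument boundaries are visible.
    static final String SCRIPT = "printf '[%s]\\n'";

    // POSIX single-quote escaping: nothing is special inside '...', so only
    // the quote itself is handled (close the quote, emit \', reopen).
    static String shellQuote(String arg) {
        return "'" + arg.replace("'", "'\\''") + "'";
    }

    // Pattern the issue describes: raw input spliced into a shell command.
    static String spliced(String userInput) {
        return SCRIPT + " " + userInput;
    }

    // Fix the issue asks for: escape the input before splicing it in.
    static String splicedEscaped(String userInput) {
        return SCRIPT + " " + shellQuote(userInput);
    }

    // Runs a command and returns its output with lines joined by " | ".
    static String run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        p.waitFor();
        return out.trim().replace("\n", " | ");
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one with a command separator, one with a quote.
        for (String in : List.of("job_01; echo INJECTED", "it's")) {
            System.out.println("input:    " + in);
            if (!in.contains("'")) { // an unbalanced quote is a shell syntax error here
                System.out.println("spliced:  " + run(List.of("sh", "-c", spliced(in))));
            }
            System.out.println("escaped:  " + run(List.of("sh", "-c", splicedEscaped(in))));
            // Alternative: no shell; each list element is exactly one argument.
            System.out.println("no shell: " + run(List.of("printf", "[%s]\\n", in)));
        }
    }
}
```

In the spliced case the shell treats the text after `;` as a second command, while the escaped and no-shell cases deliver the whole value as a single bracketed argument.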