>= 2.0.0, < 5.0.0
HIGH 8.8 CVE-2022-43396 Apache Kylin vulnerable to Command injection by Useless configuration
>= 2.0.0, < 4.0.3
>= 4.0.0, < 5.0.3
HIGH 7.5 Apache Kylin Files or Directories Accessible to External Parties
>= 4.0.0, < 5.0.3
HIGH 7.5 In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
from 0, < 3.1.3
HIGH 7.5 Use of Hard-coded Credentials in Apache Kylin
from 0, < 3.1.3
HIGH 7.3 Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability
>= 4.0.0, < 5.0.3
MEDIUM 6.5 SQL Injection in Apache Kylin
from 0, < 3.1.3
MEDIUM 5.3 Authentication bypass in Apache Kylin
from 0, < 3.1.1
— Apache Kylin Code Injection via JDBC Configuration Alteration
>= 4.0.0, < 5.0.2
— Server-Side Request Forgery in Apache Kylin
from 0, < 3.1.3
— Kylin can receive user input and load any class through Class.forName(...).
from 0, < 3.1.3
— Command Injection in Apache Kylin
from 0, < 4.0.1