org.apache.kylin:kylin-core-common@4.0.2 vulnerabilities
- latest version: 4.0.4
- first published: 8 years ago
- latest version published: 3 months ago
- licenses detected: [1.5.0,)
- package manager

Direct Vulnerabilities
Known vulnerabilities in the org.apache.kylin:kylin-core-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Server Config web interface which displays the content of the Note: This is only exploitable if the kylin service is accessible to external attackers and is not protected by HTTPS or network firewalls. How to fix Insufficiently Protected Credentials? Upgrade | [2.0.0,4.0.4) |
org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-24697. The blacklist is used to filter user input commands, but there is a risk of being bypassed. The user can control the command by controlling the How to fix Command Injection? Upgrade | [2.0.0,4.0.3) |
org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Cryptographic Issues due to usage of insecure How to fix Cryptographic Issues? Upgrade | [,kylin-3.1.0) |