org.apache.kylin:kylin-core-common 5.0.0-alpha vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.kylin:kylin-core-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Authentication Bypass Using an Alternate Path or Channel org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the `/api/user/update_user` endpoint. An attacker can gain unauthorized access by exploiting this endpoint to bypass authentication mechanisms. How to fix Authentication Bypass Using an Alternate Path or Channel? Upgrade `org.apache.kylin:kylin-core-common` to version 5.0.3 or higher.	[4.0.0,5.0.3)
M Files or Directories Accessible to External Parties org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources. Note: This is only exploitable if the attacker has system or project admin access. How to fix Files or Directories Accessible to External Parties? Upgrade `org.apache.kylin:kylin-core-common` to version 5.0.3 or higher.	[4.0.0,5.0.3)
M Server-side Request Forgery (SSRF) org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted requests to internal or protected endpoints. Note: This is only exploitable if the attacker has system or project admin access. How to fix Server-side Request Forgery (SSRF)? Upgrade `org.apache.kylin:kylin-core-common` to version 5.0.3 or higher.	[4.0.0,5.0.3)
L Arbitrary Code Injection org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain system or project admin permissions. How to fix Arbitrary Code Injection? Upgrade `org.apache.kylin:kylin-core-common` to version 5.0.2 or higher.	[4.0.0,5.0.2)
M Cryptographic Issues org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Cryptographic Issues due to usage of insecure `AES/ECB/PKCS5Padding`. How to fix Cryptographic Issues? Upgrade `org.apache.kylin:kylin-core-common` to version kylin-3.1.0 or higher.	[,kylin-3.1.0)

Vulnerability

Vulnerable Version

Authentication Bypass Using an Alternate Path or Channel

org.apache.kylin:kylin-core-common is a package part of Apache Kylin.

Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/update_user endpoint. An attacker can gain unauthorized access by exploiting this endpoint to bypass authentication mechanisms.

How to fix Authentication Bypass Using an Alternate Path or Channel?

Upgrade org.apache.kylin:kylin-core-common to version 5.0.3 or higher.

[4.0.0,5.0.3)

Files or Directories Accessible to External Parties

org.apache.kylin:kylin-core-common is a package part of Apache Kylin.

Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources.

Note:

This is only exploitable if the attacker has system or project admin access.

How to fix Files or Directories Accessible to External Parties?

Upgrade org.apache.kylin:kylin-core-common to version 5.0.3 or higher.

[4.0.0,5.0.3)

Server-side Request Forgery (SSRF)

org.apache.kylin:kylin-core-common is a package part of Apache Kylin.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted requests to internal or protected endpoints.

Note:

This is only exploitable if the attacker has system or project admin access.

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.apache.kylin:kylin-core-common to version 5.0.3 or higher.

[4.0.0,5.0.3)

Arbitrary Code Injection

org.apache.kylin:kylin-core-common is a package part of Apache Kylin.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain system or project admin permissions.

How to fix Arbitrary Code Injection?

Upgrade org.apache.kylin:kylin-core-common to version 5.0.2 or higher.

[4.0.0,5.0.2)

Cryptographic Issues

org.apache.kylin:kylin-core-common is a package part of Apache Kylin.

Affected versions of this package are vulnerable to Cryptographic Issues due to usage of insecure AES/ECB/PKCS5Padding.

How to fix Cryptographic Issues?

Upgrade org.apache.kylin:kylin-core-common to version kylin-3.1.0 or higher.

[,kylin-3.1.0)

org.apache.kylin:kylin-core-common@5.0.0-alpha vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically