CVE-2020-1956
Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
Vulnerability Description
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
Affected Platforms (CPE)
π¦
Apache
Kylin
>= 2.3.0 and <= 2.3.2π¦
Apache
Kylin
>= 2.5.0 and <= 2.5.2π¦
Apache
Kylin
>= 2.6.0 and <= 2.6.5π¦
Apache
Kylin
= 2.4.0π¦
Apache
Kylin
= 2.4.1π¦
Apache
Kylin
= 3.0.0π¦
Apache
Kylin
= 3.0.0π¦
Apache
Kylin
= 3.0.0π¦
Apache
Kylin
= 3.0.0π¦
Apache