Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.kylin/kylin@2.6.1
Type maven
Namespace org.apache.kylin
Name kylin
Version 2.6.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.0.3
Latest_non_vulnerable_version 5.0.3
Affected_by_vulnerabilities
0
url VCID-2mp1-7zce-dkh8
vulnerability_id VCID-2mp1-7zce-dkh8
summary
Apache Kylin has Insufficiently Protected Credentials
In Apache Kylin versions 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the Kylin service runs over HTTP (or another plain-text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the credentials it contains.

To avoid this threat, users are recommended to:

*  Always turn on HTTPS so that network payload is encrypted.
*  Avoid putting credentials in kylin.properties, or at least not in plain text.
*  Use network firewalls to protect the server side so that it is not accessible to external attackers.
*  Upgrade to Apache Kylin version 4.0.4, which filters out the sensitive content that goes to the Server Config web interface.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29055
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27757
published_at 2026-06-07T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.27846
published_at 2026-06-05T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.27795
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29055
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/commit/b60d5ae694dffc2281bfe0ef464eada0b3a9b774
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/commit/b60d5ae694dffc2281bfe0ef464eada0b3a9b774
3
reference_url https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:14:27Z/
url https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r
4
reference_url http://www.openwall.com/lists/oss-security/2024/01/29/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:14:27Z/
url http://www.openwall.com/lists/oss-security/2024/01/29/1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29055
reference_id CVE-2023-29055
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29055
6
reference_url https://github.com/advisories/GHSA-3vvc-v8c2-43r7
reference_id GHSA-3vvc-v8c2-43r7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vvc-v8c2-43r7
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@4.0.4
purl pkg:maven/org.apache.kylin/kylin@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5h7z-8j2q-k3hk
1
vulnerability VCID-74vu-bu5d-zqgq
2
vulnerability VCID-dzkm-q626-pug7
3
vulnerability VCID-m89c-z84y-jug2
4
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.4
aliases CVE-2023-29055, GHSA-3vvc-v8c2-43r7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mp1-7zce-dkh8
1
url VCID-3tdp-fpt7-mycx
vulnerability_id VCID-3tdp-fpt7-mycx
summary
SQL Injection
Kylin has some RESTful APIs which concatenate SQL with the user input string, so a user is likely to be able to run malicious database queries.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1937
reference_id
reference_type
scores
0
value 0.06295
scoring_system epss
scoring_elements 0.91114
published_at 2026-06-06T12:55:00Z
1
value 0.06295
scoring_system epss
scoring_elements 0.91111
published_at 2026-06-07T12:55:00Z
2
value 0.06295
scoring_system epss
scoring_elements 0.91102
published_at 2026-06-04T12:55:00Z
3
value 0.06295
scoring_system epss
scoring_elements 0.91115
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1937
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/commit/e373c64c96a54a7abfe4bccb82e8feb60db04749
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/commit/e373c64c96a54a7abfe4bccb82e8feb60db04749
3
reference_url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0@%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0@%3Ccommits.kylin.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rc574fef23740522f62ab3bbda4f6171be98aa7a25f3f54be143a80a8%40%3Cuser.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc574fef23740522f62ab3bbda4f6171be98aa7a25f3f54be143a80a8%40%3Cuser.kylin.apache.org%3E
6
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-552148
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-552148
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1937
reference_id CVE-2020-1937
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1937
8
reference_url https://github.com/advisories/GHSA-7hmh-8gwv-mfvq
reference_id GHSA-7hmh-8gwv-mfvq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7hmh-8gwv-mfvq
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@2.6.5
purl pkg:maven/org.apache.kylin/kylin@2.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-7sr2-htxm-v7dw
3
vulnerability VCID-8ssr-ftym-kubw
4
vulnerability VCID-8v1x-1x2n-vbhu
5
vulnerability VCID-8ye7-t531-b7hw
6
vulnerability VCID-jy58-3kzh-xfbz
7
vulnerability VCID-pjr6-y7uu-jqfd
8
vulnerability VCID-qvy9-qe44-kbf1
9
vulnerability VCID-sz6c-t8m7-z3dj
10
vulnerability VCID-ue1j-npxy-37cq
11
vulnerability VCID-x2j7-1kq5-e3ec
12
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@2.6.5
1
url pkg:maven/org.apache.kylin/kylin@3.0.1
purl pkg:maven/org.apache.kylin/kylin@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-7sr2-htxm-v7dw
3
vulnerability VCID-8ssr-ftym-kubw
4
vulnerability VCID-8v1x-1x2n-vbhu
5
vulnerability VCID-8ye7-t531-b7hw
6
vulnerability VCID-cret-1sa1-8kd6
7
vulnerability VCID-jy58-3kzh-xfbz
8
vulnerability VCID-pjr6-y7uu-jqfd
9
vulnerability VCID-qvy9-qe44-kbf1
10
vulnerability VCID-sz6c-t8m7-z3dj
11
vulnerability VCID-ue1j-npxy-37cq
12
vulnerability VCID-x2j7-1kq5-e3ec
13
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.1
aliases CVE-2020-1937, GHSA-7hmh-8gwv-mfvq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tdp-fpt7-mycx
2
url VCID-55ud-m45e-fqhk
vulnerability_id VCID-55ud-m45e-fqhk
summary
Apache Kylin vulnerable to remote code execution
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24697
reference_id
reference_type
scores
0
value 0.13594
scoring_system epss
scoring_elements 0.94378
published_at 2026-06-05T12:55:00Z
1
value 0.13594
scoring_system epss
scoring_elements 0.94381
published_at 2026-06-07T12:55:00Z
2
value 0.13594
scoring_system epss
scoring_elements 0.94379
published_at 2026-06-06T12:55:00Z
3
value 0.13594
scoring_system epss
scoring_elements 0.94369
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24697
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1811
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1811
3
reference_url https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-16T13:42:40Z/
url https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4
4
reference_url http://www.openwall.com/lists/oss-security/2022/12/30/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-16T13:42:40Z/
url http://www.openwall.com/lists/oss-security/2022/12/30/1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24697
reference_id CVE-2022-24697
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24697
6
reference_url https://github.com/advisories/GHSA-ppxx-m926-g569
reference_id GHSA-ppxx-m926-g569
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ppxx-m926-g569
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@2.6.6
purl pkg:maven/org.apache.kylin/kylin@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-8v1x-1x2n-vbhu
3
vulnerability VCID-8ye7-t531-b7hw
4
vulnerability VCID-jy58-3kzh-xfbz
5
vulnerability VCID-pjr6-y7uu-jqfd
6
vulnerability VCID-qvy9-qe44-kbf1
7
vulnerability VCID-sz6c-t8m7-z3dj
8
vulnerability VCID-ue1j-npxy-37cq
9
vulnerability VCID-x2j7-1kq5-e3ec
10
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@2.6.6
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.2
purl pkg:maven/org.apache.kylin/kylin@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-5h7z-8j2q-k3hk
2
vulnerability VCID-74vu-bu5d-zqgq
3
vulnerability VCID-7sr2-htxm-v7dw
4
vulnerability VCID-dzkm-q626-pug7
5
vulnerability VCID-m89c-z84y-jug2
6
vulnerability VCID-ue1j-npxy-37cq
7
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.2
aliases CVE-2022-24697, GHSA-ppxx-m926-g569
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55ud-m45e-fqhk
3
url VCID-7sr2-htxm-v7dw
vulnerability_id VCID-7sr2-htxm-v7dw
summary
Apache Kylin vulnerable to Command injection by Diagnosis Controller
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via HTTP request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44621
reference_id
reference_type
scores
0
value 0.09183
scoring_system epss
scoring_elements 0.92845
published_at 2026-06-04T12:55:00Z
1
value 0.09183
scoring_system epss
scoring_elements 0.92848
published_at 2026-06-07T12:55:00Z
2
value 0.09183
scoring_system epss
scoring_elements 0.92852
published_at 2026-06-06T12:55:00Z
3
value 0.09183
scoring_system epss
scoring_elements 0.92857
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44621
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/commit/fd2977e21c51f1afed668f2d9713cf562f2dc42d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/commit/fd2977e21c51f1afed668f2d9713cf562f2dc42d
3
reference_url https://github.com/apache/kylin/pull/2011
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/2011
4
reference_url https://github.com/apache/kylin/pull/2011/commits/418a63c61379d429312972fc94b87994e06b664f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/2011/commits/418a63c61379d429312972fc94b87994e06b664f
5
reference_url https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-11T14:45:09Z/
url https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44621
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44621
7
reference_url https://github.com/advisories/GHSA-w9rv-xmf7-x3gh
reference_id GHSA-w9rv-xmf7-x3gh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9rv-xmf7-x3gh
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@4.0.3
purl pkg:maven/org.apache.kylin/kylin@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-5h7z-8j2q-k3hk
2
vulnerability VCID-74vu-bu5d-zqgq
3
vulnerability VCID-dzkm-q626-pug7
4
vulnerability VCID-m89c-z84y-jug2
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.3
aliases CVE-2022-44621, GHSA-w9rv-xmf7-x3gh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7sr2-htxm-v7dw
4
url VCID-8ssr-ftym-kubw
vulnerability_id VCID-8ssr-ftym-kubw
summary
OS Command Injection
Apache Kylin has some RESTful APIs which concatenate OS commands with the user input string, so a user is likely to be able to execute any OS command without any protection or validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1956
reference_id
reference_type
scores
0
value 0.93724
scoring_system epss
scoring_elements 0.99859
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1956
1
reference_url https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706
2
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
3
reference_url https://github.com/apache/kylin/commit/58fad56ac6aaa43c6bd8f962d7f2d84438664092
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/commit/58fad56ac6aaa43c6bd8f962d7f2d84438664092
4
reference_url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf%40%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf%40%3Ccommits.kylin.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r1332ef34cf8e2c0589cf44ad269fb1fb4c06addec6297f0320f5111d%40%3Cuser.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url https://lists.apache.org/thread.html/r1332ef34cf8e2c0589cf44ad269fb1fb4c06addec6297f0320f5111d%40%3Cuser.kylin.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb@%3Cannounce.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb@%3Cdev.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb@%3Cdev.kylin.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb@%3Cuser.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb@%3Cuser.kylin.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cannounce.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cdev.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cdev.kylin.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0@%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0@%3Ccommits.kylin.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0%40%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0%40%3Ccommits.kylin.apache.org%3E
15
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-570207
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-570207
16
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1956
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1956
17
reference_url http://www.openwall.com/lists/oss-security/2020/07/14/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:55:12Z/
url http://www.openwall.com/lists/oss-security/2020/07/14/1
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1956
reference_id CVE-2020-1956
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1956
19
reference_url https://github.com/advisories/GHSA-gprm-xqrc-c2j3
reference_id GHSA-gprm-xqrc-c2j3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gprm-xqrc-c2j3
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@2.6.6
purl pkg:maven/org.apache.kylin/kylin@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-8v1x-1x2n-vbhu
3
vulnerability VCID-8ye7-t531-b7hw
4
vulnerability VCID-jy58-3kzh-xfbz
5
vulnerability VCID-pjr6-y7uu-jqfd
6
vulnerability VCID-qvy9-qe44-kbf1
7
vulnerability VCID-sz6c-t8m7-z3dj
8
vulnerability VCID-ue1j-npxy-37cq
9
vulnerability VCID-x2j7-1kq5-e3ec
10
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@2.6.6
1
url pkg:maven/org.apache.kylin/kylin@3.0.2
purl pkg:maven/org.apache.kylin/kylin@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-7sr2-htxm-v7dw
3
vulnerability VCID-8v1x-1x2n-vbhu
4
vulnerability VCID-8ye7-t531-b7hw
5
vulnerability VCID-cret-1sa1-8kd6
6
vulnerability VCID-jy58-3kzh-xfbz
7
vulnerability VCID-pjr6-y7uu-jqfd
8
vulnerability VCID-qvy9-qe44-kbf1
9
vulnerability VCID-sz6c-t8m7-z3dj
10
vulnerability VCID-ue1j-npxy-37cq
11
vulnerability VCID-x2j7-1kq5-e3ec
12
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.2
aliases CVE-2020-1956, GHSA-gprm-xqrc-c2j3
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ssr-ftym-kubw
5
url VCID-8v1x-1x2n-vbhu
vulnerability_id VCID-8v1x-1x2n-vbhu
summary
Inadequate Encryption Strength
Apache Kylin provides the encryption class PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this class, the cipher is initialized with a hardcoded key and IV. If users use the class PasswordPlaceholderConfigurer to encrypt their password and configure it into Kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45458
reference_id
reference_type
scores
0
value 0.00631
scoring_system epss
scoring_elements 0.70682
published_at 2026-06-04T12:55:00Z
1
value 0.00631
scoring_system epss
scoring_elements 0.70715
published_at 2026-06-07T12:55:00Z
2
value 0.00631
scoring_system epss
scoring_elements 0.70732
published_at 2026-06-06T12:55:00Z
3
value 0.00631
scoring_system epss
scoring_elements 0.70725
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45458
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1781
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1781
3
reference_url https://github.com/apache/kylin/pull/1782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1782
4
reference_url https://lists.apache.org/thread/oof215qz188k16vhlo97cm1jksxdowfy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/oof215qz188k16vhlo97cm1jksxdowfy
5
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/3
6
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/7
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45458
reference_id CVE-2021-45458
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-45458
8
reference_url https://github.com/advisories/GHSA-9fj5-jg6f-qg5r
reference_id GHSA-9fj5-jg6f-qg5r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fj5-jg6f-qg5r
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.1
purl pkg:maven/org.apache.kylin/kylin@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-5h7z-8j2q-k3hk
3
vulnerability VCID-74vu-bu5d-zqgq
4
vulnerability VCID-7sr2-htxm-v7dw
5
vulnerability VCID-dzkm-q626-pug7
6
vulnerability VCID-m89c-z84y-jug2
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.1
aliases CVE-2021-45458, GHSA-9fj5-jg6f-qg5r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8v1x-1x2n-vbhu
6
url VCID-8ye7-t531-b7hw
vulnerability_id VCID-8ye7-t531-b7hw
summary
Insecure Storage of Sensitive Information
Apache Kylin has one RESTful API that exposes Kylin's configuration information without any authentication. This is dangerous because some confidential information entries will be disclosed to everyone.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13937
reference_id
reference_type
scores
0
value 0.93332
scoring_system epss
scoring_elements 0.9982
published_at 2026-06-05T12:55:00Z
1
value 0.93332
scoring_system epss
scoring_elements 0.99821
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13937
1
reference_url https://lists.apache.org/thread.html/rc592e0dcee5a2615f1d9522af30ef1822c1f863d5e05e7da9d1e57f4%40%3Cuser.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc592e0dcee5a2615f1d9522af30ef1822c1f863d5e05e7da9d1e57f4%40%3Cuser.kylin.apache.org%3E
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13937
reference_id CVE-2020-13937
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13937
3
reference_url https://github.com/advisories/GHSA-2hpg-vwqj-6h6w
reference_id GHSA-2hpg-vwqj-6h6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hpg-vwqj-6h6w
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.1
purl pkg:maven/org.apache.kylin/kylin@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-7sr2-htxm-v7dw
3
vulnerability VCID-8v1x-1x2n-vbhu
4
vulnerability VCID-cret-1sa1-8kd6
5
vulnerability VCID-pjr6-y7uu-jqfd
6
vulnerability VCID-sz6c-t8m7-z3dj
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-x2j7-1kq5-e3ec
9
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.1
2
url pkg:maven/org.apache.kylin/kylin@4.0.0-beta
purl pkg:maven/org.apache.kylin/kylin@4.0.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.0-beta
3
url pkg:maven/org.apache.kylin/kylin@4.0.1
purl pkg:maven/org.apache.kylin/kylin@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-5h7z-8j2q-k3hk
3
vulnerability VCID-74vu-bu5d-zqgq
4
vulnerability VCID-7sr2-htxm-v7dw
5
vulnerability VCID-dzkm-q626-pug7
6
vulnerability VCID-m89c-z84y-jug2
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.1
aliases CVE-2020-13937, GHSA-2hpg-vwqj-6h6w
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ye7-t531-b7hw
7
url VCID-jy58-3kzh-xfbz
vulnerability_id VCID-jy58-3kzh-xfbz
summary
OS Command Injection
Similar to CVE-2020-1956, Kylin has one more RESTful API that concatenates the API inputs into OS commands and executes them on the server. The reported API lacks the necessary input validation, which makes it possible for attackers to execute OS commands remotely.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13925
reference_id
reference_type
scores
0
value 0.84701
scoring_system epss
scoring_elements 0.99354
published_at 2026-06-04T12:55:00Z
1
value 0.84701
scoring_system epss
scoring_elements 0.99356
published_at 2026-06-07T12:55:00Z
2
value 0.84701
scoring_system epss
scoring_elements 0.99355
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13925
1
reference_url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E
3
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-584373
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-584373
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13925
reference_id CVE-2020-13925
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13925
5
reference_url https://github.com/advisories/GHSA-qwfw-gxx2-mmv2
reference_id GHSA-qwfw-gxx2-mmv2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwfw-gxx2-mmv2
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.1.0
purl pkg:maven/org.apache.kylin/kylin@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-7sr2-htxm-v7dw
3
vulnerability VCID-8v1x-1x2n-vbhu
4
vulnerability VCID-8ye7-t531-b7hw
5
vulnerability VCID-cret-1sa1-8kd6
6
vulnerability VCID-pjr6-y7uu-jqfd
7
vulnerability VCID-sz6c-t8m7-z3dj
8
vulnerability VCID-ue1j-npxy-37cq
9
vulnerability VCID-x2j7-1kq5-e3ec
10
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.0
aliases CVE-2020-13925, GHSA-qwfw-gxx2-mmv2
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jy58-3kzh-xfbz
8
url VCID-pjr6-y7uu-jqfd
vulnerability_id VCID-pjr6-y7uu-jqfd
summary
Insufficiently Protected Credentials
In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45457
reference_id
reference_type
scores
0
value 0.0084
scoring_system epss
scoring_elements 0.75075
published_at 2026-06-04T12:55:00Z
1
value 0.0084
scoring_system epss
scoring_elements 0.751
published_at 2026-06-07T12:55:00Z
2
value 0.0084
scoring_system epss
scoring_elements 0.75108
published_at 2026-06-06T12:55:00Z
3
value 0.0084
scoring_system epss
scoring_elements 0.75104
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45457
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1781
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1781
3
reference_url https://github.com/apache/kylin/pull/1782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1782
4
reference_url https://lists.apache.org/thread/rzv4mq58okwj1n88lry82ol2wwm57q1m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/rzv4mq58okwj1n88lry82ol2wwm57q1m
5
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45457
reference_id CVE-2021-45457
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-45457
7
reference_url https://github.com/advisories/GHSA-mgpf-hhgf-cxg4
reference_id GHSA-mgpf-hhgf-cxg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mgpf-hhgf-cxg4
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.1
purl pkg:maven/org.apache.kylin/kylin@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-5h7z-8j2q-k3hk
3
vulnerability VCID-74vu-bu5d-zqgq
4
vulnerability VCID-7sr2-htxm-v7dw
5
vulnerability VCID-dzkm-q626-pug7
6
vulnerability VCID-m89c-z84y-jug2
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.1
aliases CVE-2021-45457, GHSA-mgpf-hhgf-cxg4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjr6-y7uu-jqfd
9
url VCID-qvy9-qe44-kbf1
vulnerability_id VCID-qvy9-qe44-kbf1
summary
SQL Injection
Kylin concatenates and executes a Hive SQL statement in Hive CLI or beeline when building a new segment. Part of the HQL comes from system configurations, and the configuration can be overwritten by certain REST API calls, which makes a SQL injection attack possible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13926
reference_id
reference_type
scores
0
value 0.03106
scoring_system epss
scoring_elements 0.87079
published_at 2026-06-06T12:55:00Z
1
value 0.03106
scoring_system epss
scoring_elements 0.87073
published_at 2026-06-07T12:55:00Z
2
value 0.03106
scoring_system epss
scoring_elements 0.87059
published_at 2026-06-04T12:55:00Z
3
value 0.03106
scoring_system epss
scoring_elements 0.87081
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13926
1
reference_url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/r63d5663169e866d44ff9250796193337cff7d9cf61cc3839e86163fd%40%3Cuser.kylin.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r63d5663169e866d44ff9250796193337cff7d9cf61cc3839e86163fd%40%3Cuser.kylin.apache.org%3E
3
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-584374
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKYLIN-584374
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13926
reference_id CVE-2020-13926
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13926
5
reference_url https://github.com/advisories/GHSA-hx5g-8hq2-8x4w
reference_id GHSA-hx5g-8hq2-8x4w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hx5g-8hq2-8x4w
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.1.0
purl pkg:maven/org.apache.kylin/kylin@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-7sr2-htxm-v7dw
3
vulnerability VCID-8v1x-1x2n-vbhu
4
vulnerability VCID-8ye7-t531-b7hw
5
vulnerability VCID-cret-1sa1-8kd6
6
vulnerability VCID-pjr6-y7uu-jqfd
7
vulnerability VCID-sz6c-t8m7-z3dj
8
vulnerability VCID-ue1j-npxy-37cq
9
vulnerability VCID-x2j7-1kq5-e3ec
10
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.0
aliases CVE-2020-13926, GHSA-hx5g-8hq2-8x4w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvy9-qe44-kbf1
10
url VCID-sz6c-t8m7-z3dj
vulnerability_id VCID-sz6c-t8m7-z3dj
summary
Exposure of Resource to Wrong Sphere
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36774
reference_id
reference_type
scores
0
value 0.00805
scoring_system epss
scoring_elements 0.74497
published_at 2026-06-04T12:55:00Z
1
value 0.00805
scoring_system epss
scoring_elements 0.74524
published_at 2026-06-07T12:55:00Z
2
value 0.00805
scoring_system epss
scoring_elements 0.74535
published_at 2026-06-06T12:55:00Z
3
value 0.00805
scoring_system epss
scoring_elements 0.7453
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36774
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1646
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1646
3
reference_url https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow
4
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36774
reference_id CVE-2021-36774
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36774
6
reference_url https://github.com/advisories/GHSA-5429-pjww-7675
reference_id GHSA-5429-pjww-7675
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5429-pjww-7675
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
aliases CVE-2021-36774, GHSA-5429-pjww-7675
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6c-t8m7-z3dj
11
url VCID-ue1j-npxy-37cq
vulnerability_id VCID-ue1j-npxy-37cq
summary
Apache Kylin vulnerable to Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands, but there is a risk that it can be bypassed. The user can control the command by controlling the `kylin.engine.spark-cmd` parameter of `conf`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43396
reference_id
reference_type
scores
0
value 0.00387
scoring_system epss
scoring_elements 0.60209
published_at 2026-06-07T12:55:00Z
1
value 0.00387
scoring_system epss
scoring_elements 0.60172
published_at 2026-06-04T12:55:00Z
2
value 0.00387
scoring_system epss
scoring_elements 0.60219
published_at 2026-06-05T12:55:00Z
3
value 0.00387
scoring_system epss
scoring_elements 0.60221
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43396
1
reference_url https://github.com/apache/kylin/pull/2011
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/2011
2
reference_url https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T14:49:21Z/
url https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43396
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43396
4
reference_url https://github.com/advisories/GHSA-f5q9-j9r2-34gq
reference_id GHSA-f5q9-j9r2-34gq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f5q9-j9r2-34gq
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@4.0.3
purl pkg:maven/org.apache.kylin/kylin@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-5h7z-8j2q-k3hk
2
vulnerability VCID-74vu-bu5d-zqgq
3
vulnerability VCID-dzkm-q626-pug7
4
vulnerability VCID-m89c-z84y-jug2
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.3
aliases CVE-2022-43396, GHSA-f5q9-j9r2-34gq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ue1j-npxy-37cq
12
url VCID-x2j7-1kq5-e3ec
vulnerability_id VCID-x2j7-1kq5-e3ec
summary
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31522
reference_id
reference_type
scores
0
value 0.03405
scoring_system epss
scoring_elements 0.87644
published_at 2026-06-04T12:55:00Z
1
value 0.03405
scoring_system epss
scoring_elements 0.87667
published_at 2026-06-06T12:55:00Z
2
value 0.03405
scoring_system epss
scoring_elements 0.87666
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31522
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1695
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1695
3
reference_url https://github.com/apache/kylin/pull/1763
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1763
4
reference_url https://lists.apache.org/thread/hh5crx3yr701zd8wtpqo1mww2rlkvznw
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/hh5crx3yr701zd8wtpqo1mww2rlkvznw
5
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31522
reference_id CVE-2021-31522
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31522
7
reference_url https://github.com/advisories/GHSA-q656-g2x3-8cgh
reference_id GHSA-q656-g2x3-8cgh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q656-g2x3-8cgh
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.1
purl pkg:maven/org.apache.kylin/kylin@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-5h7z-8j2q-k3hk
3
vulnerability VCID-74vu-bu5d-zqgq
4
vulnerability VCID-7sr2-htxm-v7dw
5
vulnerability VCID-dzkm-q626-pug7
6
vulnerability VCID-m89c-z84y-jug2
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.1
aliases CVE-2021-31522, GHSA-q656-g2x3-8cgh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2j7-1kq5-e3ec
13
url VCID-ygvg-2wzv-nubj
vulnerability_id VCID-ygvg-2wzv-nubj
summary
Apache Kylin Session Fixation vulnerability
Session Fixation vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 2.0.0 through 4.x.

Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23590
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55718
published_at 2026-06-07T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.5573
published_at 2026-06-06T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.55725
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23590
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-05T14:50:17Z/
url https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml
3
reference_url http://www.openwall.com/lists/oss-security/2024/11/03/1
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/11/03/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23590
reference_id CVE-2024-23590
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23590
5
reference_url https://github.com/advisories/GHSA-752q-72qc-rc66
reference_id GHSA-752q-72qc-rc66
reference_type
scores
url https://github.com/advisories/GHSA-752q-72qc-rc66
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@5.0.0
purl pkg:maven/org.apache.kylin/kylin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5h7z-8j2q-k3hk
1
vulnerability VCID-74vu-bu5d-zqgq
2
vulnerability VCID-dzkm-q626-pug7
3
vulnerability VCID-m89c-z84y-jug2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@5.0.0
aliases CVE-2024-23590, GHSA-752q-72qc-rc66
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygvg-2wzv-nubj
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@2.6.1