Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.kylin/kylin@3.1.3
Type maven
Namespace org.apache.kylin
Name kylin
Version 3.1.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.0.3
Latest_non_vulnerable_version 5.0.3
Affected_by_vulnerabilities
0
url VCID-2mp1-7zce-dkh8
vulnerability_id VCID-2mp1-7zce-dkh8
summary
Apache Kylin has Insufficiently Protected Credentials
In Apache Kylin versions 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the Kylin service runs over HTTP (or another plain-text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the credentials it contains.

To avoid this threat, users are recommended to:

*  Always turn on HTTPS so that network payload is encrypted.
*  Avoid putting credentials in kylin.properties, or at least not in plain text.
*  Use network firewalls to protect the server side such that it is not accessible to external attackers.
*  Upgrade to Apache Kylin version 4.0.4, which filters out the sensitive content that goes to the Server Config web interface.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29055
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27757
published_at 2026-06-07T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.27708
published_at 2026-06-08T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.27846
published_at 2026-06-05T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.27795
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29055
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/commit/b60d5ae694dffc2281bfe0ef464eada0b3a9b774
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/commit/b60d5ae694dffc2281bfe0ef464eada0b3a9b774
3
reference_url https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:14:27Z/
url https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r
4
reference_url http://www.openwall.com/lists/oss-security/2024/01/29/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:14:27Z/
url http://www.openwall.com/lists/oss-security/2024/01/29/1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29055
reference_id CVE-2023-29055
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29055
6
reference_url https://github.com/advisories/GHSA-3vvc-v8c2-43r7
reference_id GHSA-3vvc-v8c2-43r7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vvc-v8c2-43r7
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@4.0.4
purl pkg:maven/org.apache.kylin/kylin@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5h7z-8j2q-k3hk
1
vulnerability VCID-74vu-bu5d-zqgq
2
vulnerability VCID-dzkm-q626-pug7
3
vulnerability VCID-m89c-z84y-jug2
4
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.4
aliases CVE-2023-29055, GHSA-3vvc-v8c2-43r7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mp1-7zce-dkh8
1
url VCID-7sr2-htxm-v7dw
vulnerability_id VCID-7sr2-htxm-v7dw
summary
Apache Kylin vulnerable to Command injection by Diagnosis Controller
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via an HTTP request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44621
reference_id
reference_type
scores
0
value 0.09183
scoring_system epss
scoring_elements 0.92845
published_at 2026-06-04T12:55:00Z
1
value 0.09183
scoring_system epss
scoring_elements 0.92847
published_at 2026-06-08T12:55:00Z
2
value 0.09183
scoring_system epss
scoring_elements 0.92848
published_at 2026-06-07T12:55:00Z
3
value 0.09183
scoring_system epss
scoring_elements 0.92852
published_at 2026-06-06T12:55:00Z
4
value 0.09183
scoring_system epss
scoring_elements 0.92857
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44621
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/commit/fd2977e21c51f1afed668f2d9713cf562f2dc42d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/commit/fd2977e21c51f1afed668f2d9713cf562f2dc42d
3
reference_url https://github.com/apache/kylin/pull/2011
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/2011
4
reference_url https://github.com/apache/kylin/pull/2011/commits/418a63c61379d429312972fc94b87994e06b664f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/2011/commits/418a63c61379d429312972fc94b87994e06b664f
5
reference_url https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-11T14:45:09Z/
url https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44621
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44621
7
reference_url https://github.com/advisories/GHSA-w9rv-xmf7-x3gh
reference_id GHSA-w9rv-xmf7-x3gh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9rv-xmf7-x3gh
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@4.0.3
purl pkg:maven/org.apache.kylin/kylin@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-5h7z-8j2q-k3hk
2
vulnerability VCID-74vu-bu5d-zqgq
3
vulnerability VCID-dzkm-q626-pug7
4
vulnerability VCID-m89c-z84y-jug2
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.3
aliases CVE-2022-44621, GHSA-w9rv-xmf7-x3gh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7sr2-htxm-v7dw
2
url VCID-ue1j-npxy-37cq
vulnerability_id VCID-ue1j-npxy-37cq
summary
Apache Kylin vulnerable to Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands, but there is a risk that it can be bypassed. The user can control the command by controlling the `kylin.engine.spark-cmd` parameter of `conf`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43396
reference_id
reference_type
scores
0
value 0.00387
scoring_system epss
scoring_elements 0.60191
published_at 2026-06-08T12:55:00Z
1
value 0.00387
scoring_system epss
scoring_elements 0.60172
published_at 2026-06-04T12:55:00Z
2
value 0.00387
scoring_system epss
scoring_elements 0.60219
published_at 2026-06-05T12:55:00Z
3
value 0.00387
scoring_system epss
scoring_elements 0.60221
published_at 2026-06-06T12:55:00Z
4
value 0.00387
scoring_system epss
scoring_elements 0.60209
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43396
1
reference_url https://github.com/apache/kylin/pull/2011
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/2011
2
reference_url https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T14:49:21Z/
url https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43396
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43396
4
reference_url https://github.com/advisories/GHSA-f5q9-j9r2-34gq
reference_id GHSA-f5q9-j9r2-34gq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f5q9-j9r2-34gq
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@4.0.3
purl pkg:maven/org.apache.kylin/kylin@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-5h7z-8j2q-k3hk
2
vulnerability VCID-74vu-bu5d-zqgq
3
vulnerability VCID-dzkm-q626-pug7
4
vulnerability VCID-m89c-z84y-jug2
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.3
aliases CVE-2022-43396, GHSA-f5q9-j9r2-34gq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ue1j-npxy-37cq
3
url VCID-ygvg-2wzv-nubj
vulnerability_id VCID-ygvg-2wzv-nubj
summary
Apache Kylin Session Fixation vulnerability
Session Fixation vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 2.0.0 through 4.x.

Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23590
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55725
published_at 2026-06-05T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55699
published_at 2026-06-08T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.55718
published_at 2026-06-07T12:55:00Z
3
value 0.00323
scoring_system epss
scoring_elements 0.5573
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23590
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-05T14:50:17Z/
url https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml
3
reference_url http://www.openwall.com/lists/oss-security/2024/11/03/1
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/11/03/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23590
reference_id CVE-2024-23590
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23590
5
reference_url https://github.com/advisories/GHSA-752q-72qc-rc66
reference_id GHSA-752q-72qc-rc66
reference_type
scores
url https://github.com/advisories/GHSA-752q-72qc-rc66
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@5.0.0
purl pkg:maven/org.apache.kylin/kylin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5h7z-8j2q-k3hk
1
vulnerability VCID-74vu-bu5d-zqgq
2
vulnerability VCID-dzkm-q626-pug7
3
vulnerability VCID-m89c-z84y-jug2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@5.0.0
aliases CVE-2024-23590, GHSA-752q-72qc-rc66
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygvg-2wzv-nubj
Fixing_vulnerabilities
0
url VCID-55ud-m45e-fqhk
vulnerability_id VCID-55ud-m45e-fqhk
summary
Apache Kylin vulnerable to remote code execution
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24697
reference_id
reference_type
scores
0
value 0.13594
scoring_system epss
scoring_elements 0.94378
published_at 2026-06-05T12:55:00Z
1
value 0.13594
scoring_system epss
scoring_elements 0.94381
published_at 2026-06-08T12:55:00Z
2
value 0.13594
scoring_system epss
scoring_elements 0.94379
published_at 2026-06-06T12:55:00Z
3
value 0.13594
scoring_system epss
scoring_elements 0.94369
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24697
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1811
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1811
3
reference_url https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-16T13:42:40Z/
url https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4
4
reference_url http://www.openwall.com/lists/oss-security/2022/12/30/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-16T13:42:40Z/
url http://www.openwall.com/lists/oss-security/2022/12/30/1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24697
reference_id CVE-2022-24697
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24697
6
reference_url https://github.com/advisories/GHSA-ppxx-m926-g569
reference_id GHSA-ppxx-m926-g569
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ppxx-m926-g569
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@2.6.6
purl pkg:maven/org.apache.kylin/kylin@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-8v1x-1x2n-vbhu
3
vulnerability VCID-8ye7-t531-b7hw
4
vulnerability VCID-jy58-3kzh-xfbz
5
vulnerability VCID-pjr6-y7uu-jqfd
6
vulnerability VCID-qvy9-qe44-kbf1
7
vulnerability VCID-sz6c-t8m7-z3dj
8
vulnerability VCID-ue1j-npxy-37cq
9
vulnerability VCID-x2j7-1kq5-e3ec
10
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@2.6.6
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.2
purl pkg:maven/org.apache.kylin/kylin@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-5h7z-8j2q-k3hk
2
vulnerability VCID-74vu-bu5d-zqgq
3
vulnerability VCID-7sr2-htxm-v7dw
4
vulnerability VCID-dzkm-q626-pug7
5
vulnerability VCID-m89c-z84y-jug2
6
vulnerability VCID-ue1j-npxy-37cq
7
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.2
aliases CVE-2022-24697, GHSA-ppxx-m926-g569
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55ud-m45e-fqhk
1
url VCID-8v1x-1x2n-vbhu
vulnerability_id VCID-8v1x-1x2n-vbhu
summary
Inadequate Encryption Strength
Apache Kylin provides the encryption class PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this class, the cipher is initialized with a hardcoded key and IV. If users use the class PasswordPlaceholderConfigurer to encrypt their password and configure it into Kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45458
reference_id
reference_type
scores
0
value 0.00631
scoring_system epss
scoring_elements 0.70682
published_at 2026-06-04T12:55:00Z
1
value 0.00631
scoring_system epss
scoring_elements 0.70703
published_at 2026-06-08T12:55:00Z
2
value 0.00631
scoring_system epss
scoring_elements 0.70715
published_at 2026-06-07T12:55:00Z
3
value 0.00631
scoring_system epss
scoring_elements 0.70732
published_at 2026-06-06T12:55:00Z
4
value 0.00631
scoring_system epss
scoring_elements 0.70725
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45458
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1781
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1781
3
reference_url https://github.com/apache/kylin/pull/1782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1782
4
reference_url https://lists.apache.org/thread/oof215qz188k16vhlo97cm1jksxdowfy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/oof215qz188k16vhlo97cm1jksxdowfy
5
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/3
6
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/7
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45458
reference_id CVE-2021-45458
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-45458
8
reference_url https://github.com/advisories/GHSA-9fj5-jg6f-qg5r
reference_id GHSA-9fj5-jg6f-qg5r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fj5-jg6f-qg5r
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.1
purl pkg:maven/org.apache.kylin/kylin@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-5h7z-8j2q-k3hk
3
vulnerability VCID-74vu-bu5d-zqgq
4
vulnerability VCID-7sr2-htxm-v7dw
5
vulnerability VCID-dzkm-q626-pug7
6
vulnerability VCID-m89c-z84y-jug2
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.1
aliases CVE-2021-45458, GHSA-9fj5-jg6f-qg5r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8v1x-1x2n-vbhu
2
url VCID-cret-1sa1-8kd6
vulnerability_id VCID-cret-1sa1-8kd6
summary
Server-Side Request Forgery (SSRF)
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints do not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, and creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in the HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin 3
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27738
reference_id
reference_type
scores
0
value 0.02184
scoring_system epss
scoring_elements 0.84683
published_at 2026-06-08T12:55:00Z
1
value 0.02184
scoring_system epss
scoring_elements 0.84673
published_at 2026-06-04T12:55:00Z
2
value 0.02184
scoring_system epss
scoring_elements 0.84698
published_at 2026-06-05T12:55:00Z
3
value 0.02184
scoring_system epss
scoring_elements 0.84701
published_at 2026-06-06T12:55:00Z
4
value 0.02184
scoring_system epss
scoring_elements 0.84695
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27738
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1646
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1646
3
reference_url https://lists.apache.org/thread/vkohh0to2vzwymyb2x13fszs3cs3vd70
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/vkohh0to2vzwymyb2x13fszs3cs3vd70
4
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27738
reference_id CVE-2021-27738
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27738
6
reference_url https://github.com/advisories/GHSA-wrx7-qgmj-mf2q
reference_id GHSA-wrx7-qgmj-mf2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wrx7-qgmj-mf2q
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.1.2
purl pkg:maven/org.apache.kylin/kylin@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-7sr2-htxm-v7dw
3
vulnerability VCID-8v1x-1x2n-vbhu
4
vulnerability VCID-pjr6-y7uu-jqfd
5
vulnerability VCID-sz6c-t8m7-z3dj
6
vulnerability VCID-ue1j-npxy-37cq
7
vulnerability VCID-x2j7-1kq5-e3ec
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.2
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
aliases CVE-2021-27738, GHSA-wrx7-qgmj-mf2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cret-1sa1-8kd6
3
url VCID-pjr6-y7uu-jqfd
vulnerability_id VCID-pjr6-y7uu-jqfd
summary
Insufficiently Protected Credentials
In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45457
reference_id
reference_type
scores
0
value 0.0084
scoring_system epss
scoring_elements 0.75075
published_at 2026-06-04T12:55:00Z
1
value 0.0084
scoring_system epss
scoring_elements 0.75086
published_at 2026-06-08T12:55:00Z
2
value 0.0084
scoring_system epss
scoring_elements 0.751
published_at 2026-06-07T12:55:00Z
3
value 0.0084
scoring_system epss
scoring_elements 0.75108
published_at 2026-06-06T12:55:00Z
4
value 0.0084
scoring_system epss
scoring_elements 0.75104
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45457
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1781
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1781
3
reference_url https://github.com/apache/kylin/pull/1782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1782
4
reference_url https://lists.apache.org/thread/rzv4mq58okwj1n88lry82ol2wwm57q1m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/rzv4mq58okwj1n88lry82ol2wwm57q1m
5
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45457
reference_id CVE-2021-45457
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-45457
7
reference_url https://github.com/advisories/GHSA-mgpf-hhgf-cxg4
reference_id GHSA-mgpf-hhgf-cxg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mgpf-hhgf-cxg4
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.1
purl pkg:maven/org.apache.kylin/kylin@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-5h7z-8j2q-k3hk
3
vulnerability VCID-74vu-bu5d-zqgq
4
vulnerability VCID-7sr2-htxm-v7dw
5
vulnerability VCID-dzkm-q626-pug7
6
vulnerability VCID-m89c-z84y-jug2
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.1
aliases CVE-2021-45457, GHSA-mgpf-hhgf-cxg4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjr6-y7uu-jqfd
4
url VCID-sz6c-t8m7-z3dj
vulnerability_id VCID-sz6c-t8m7-z3dj
summary
Exposure of Resource to Wrong Sphere
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36774
reference_id
reference_type
scores
0
value 0.00805
scoring_system epss
scoring_elements 0.74535
published_at 2026-06-06T12:55:00Z
1
value 0.00805
scoring_system epss
scoring_elements 0.74507
published_at 2026-06-08T12:55:00Z
2
value 0.00805
scoring_system epss
scoring_elements 0.74524
published_at 2026-06-07T12:55:00Z
3
value 0.00805
scoring_system epss
scoring_elements 0.74497
published_at 2026-06-04T12:55:00Z
4
value 0.00805
scoring_system epss
scoring_elements 0.7453
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36774
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1646
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1646
3
reference_url https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow
4
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36774
reference_id CVE-2021-36774
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36774
6
reference_url https://github.com/advisories/GHSA-5429-pjww-7675
reference_id GHSA-5429-pjww-7675
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5429-pjww-7675
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
aliases CVE-2021-36774, GHSA-5429-pjww-7675
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6c-t8m7-z3dj
5
url VCID-x2j7-1kq5-e3ec
vulnerability_id VCID-x2j7-1kq5-e3ec
summary
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 and prior versions; Apache Kylin 3 and prior versions; Apache Kylin 4 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31522
reference_id
reference_type
scores
0
value 0.03405
scoring_system epss
scoring_elements 0.87644
published_at 2026-06-04T12:55:00Z
1
value 0.03405
scoring_system epss
scoring_elements 0.87667
published_at 2026-06-08T12:55:00Z
2
value 0.03405
scoring_system epss
scoring_elements 0.87666
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31522
1
reference_url https://github.com/apache/kylin
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin
2
reference_url https://github.com/apache/kylin/pull/1695
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1695
3
reference_url https://github.com/apache/kylin/pull/1763
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kylin/pull/1763
4
reference_url https://lists.apache.org/thread/hh5crx3yr701zd8wtpqo1mww2rlkvznw
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/hh5crx3yr701zd8wtpqo1mww2rlkvznw
5
reference_url http://www.openwall.com/lists/oss-security/2022/01/06/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/06/4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31522
reference_id CVE-2021-31522
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31522
7
reference_url https://github.com/advisories/GHSA-q656-g2x3-8cgh
reference_id GHSA-q656-g2x3-8cgh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q656-g2x3-8cgh
fixed_packages
0
url pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
purl pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-jy58-3kzh-xfbz
3
vulnerability VCID-qvy9-qe44-kbf1
4
vulnerability VCID-ue1j-npxy-37cq
5
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.0.0-alpha
1
url pkg:maven/org.apache.kylin/kylin@3.1.3
purl pkg:maven/org.apache.kylin/kylin@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-7sr2-htxm-v7dw
2
vulnerability VCID-ue1j-npxy-37cq
3
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3
2
url pkg:maven/org.apache.kylin/kylin@4.0.1
purl pkg:maven/org.apache.kylin/kylin@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mp1-7zce-dkh8
1
vulnerability VCID-55ud-m45e-fqhk
2
vulnerability VCID-5h7z-8j2q-k3hk
3
vulnerability VCID-74vu-bu5d-zqgq
4
vulnerability VCID-7sr2-htxm-v7dw
5
vulnerability VCID-dzkm-q626-pug7
6
vulnerability VCID-m89c-z84y-jug2
7
vulnerability VCID-ue1j-npxy-37cq
8
vulnerability VCID-ygvg-2wzv-nubj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@4.0.1
aliases CVE-2021-31522, GHSA-q656-g2x3-8cgh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2j7-1kq5-e3ec
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kylin/kylin@3.1.3