Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.kylin/kylin-server-base@2.3.1
purl pkg:maven/org.apache.kylin/kylin-server-base@2.3.1
Next non-vulnerable version 4.0.3
Latest non-vulnerable version 4.0.3
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-3tdp-fpt7-mycx
Aliases:
CVE-2020-1937
GHSA-7hmh-8gwv-mfvq
SQL Injection Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
2.6.5
Affected by 4 other vulnerabilities.
3.0.1
Affected by 4 other vulnerabilities.
VCID-55ud-m45e-fqhk
Aliases:
CVE-2022-24697
GHSA-ppxx-m926-g569
Apache Kylin vulnerable to remote code execution Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.
4.0.2
Affected by 1 other vulnerability.
VCID-7sr2-htxm-v7dw
Aliases:
CVE-2022-44621
GHSA-w9rv-xmf7-x3gh
Apache Kylin vulnerable to Command injection by Diagnosis Controller Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
4.0.3
Affected by 0 other vulnerabilities.
VCID-jy58-3kzh-xfbz
Aliases:
CVE-2020-13925
GHSA-qwfw-gxx2-mmv2
OS Command Injection Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely.
3.1.0
Affected by 2 other vulnerabilities.
VCID-qvy9-qe44-kbf1
Aliases:
CVE-2020-13926
GHSA-hx5g-8hq2-8x4w
SQL Injection Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible.
3.1.0
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T03:54:05.141832+00:00 GitLab Importer Affected by VCID-55ud-m45e-fqhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin-server-base/CVE-2022-24697.yml 38.6.0
2026-06-06T03:21:07.948824+00:00 GitLab Importer Affected by VCID-7sr2-htxm-v7dw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin-server-base/CVE-2022-44621.yml 38.6.0
2026-06-04T20:33:30.727890+00:00 GitLab Importer Affected by VCID-qvy9-qe44-kbf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin-server-base/CVE-2020-13926.yml 38.6.0
2026-06-04T20:33:29.624466+00:00 GitLab Importer Affected by VCID-3tdp-fpt7-mycx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin-server-base/CVE-2020-1937.yml 38.6.0
2026-06-04T20:33:29.391855+00:00 GitLab Importer Affected by VCID-jy58-3kzh-xfbz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin-server-base/CVE-2020-13925.yml 38.6.0