Package details: pkg:maven/org.apache.kylin/kylin-server-base@2.6.3
purl pkg:maven/org.apache.kylin/kylin-server-base@2.6.3
Next non-vulnerable version 4.0.3
Latest non-vulnerable version 4.0.3
Risk 10.0
Vulnerabilities affecting this package (5)
VCID-18qy-2g3u-y3c5
Aliases: CVE-2022-44621, GHSA-w9rv-xmf7-x3gh
Summary: The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via an HTTP request.
Fixed by: 4.0.3 (affected by 0 other vulnerabilities)

VCID-2fey-zz91-w7db
Aliases: CVE-2020-13926, GHSA-hx5g-8hq2-8x4w
Summary: SQL Injection in Kylin
Fixed by: 3.1.0 (affected by 2 other vulnerabilities)

VCID-2qpe-nxm8-q7ht
Aliases: CVE-2020-1937, GHSA-7hmh-8gwv-mfvq
Summary: SQL Injection in Kylin
Fixed by: 2.6.5 (affected by 4 other vulnerabilities); 3.0.1 (affected by 4 other vulnerabilities)

VCID-bbtz-n7f8-3key
Aliases: CVE-2022-24697, GHSA-ppxx-m926-g569
Summary: Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.
Fixed by: 4.0.2 (affected by 1 other vulnerability)

VCID-dn31-nnyg-gfhu
Aliases: CVE-2020-13925, GHSA-qwfw-gxx2-mmv2
Summary: Command Injection in Kylin
Fixed by: 3.1.0 (affected by 2 other vulnerabilities)
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.