Package details: pkg:maven/org.apache.kylin/kylin@2.2.0
purl pkg:maven/org.apache.kylin/kylin@2.2.0
Next non-vulnerable version 3.1.1
Latest non-vulnerable version 5.0.3
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-8ye7-t531-b7hw
Aliases:
CVE-2020-13937
GHSA-2hpg-vwqj-6h6w
Insecure Storage of Sensitive Information. Apache Kylin has one RESTful API which exposed Kylin's configuration information without any authentication; this is dangerous because some confidential information entries will be disclosed to everyone.
3.0.0-alpha
Affected by 2 other vulnerabilities.
3.1.1
Affected by 0 other vulnerabilities.
4.0.0-beta
Affected by 0 other vulnerabilities.
4.0.1
Affected by 0 other vulnerabilities.
VCID-qvy9-qe44-kbf1
Aliases:
CVE-2020-13926
GHSA-hx5g-8hq2-8x4w
SQL Injection. Kylin concatenates and executes a Hive SQL statement in Hive CLI or beeline when building a new segment; part of the HQL comes from system configurations, and the configuration can be overwritten through certain REST API calls, which makes a SQL injection attack possible.
3.1.0
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:40:03.462887+00:00 GitLab Importer Affected by VCID-8ye7-t531-b7hw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin/CVE-2020-13937.yml 38.6.0
2026-06-04T20:32:57.098916+00:00 GitLab Importer Affected by VCID-qvy9-qe44-kbf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin/CVE-2020-13926.yml 38.6.0