Package details: pkg:maven/org.apache.kylin/kylin@2.6.2
purl: pkg:maven/org.apache.kylin/kylin@2.6.2
Next non-vulnerable version: 3.1.1
Latest non-vulnerable version: 5.0.3
Risk
Vulnerabilities affecting this package (5)
Each entry lists the vulnerability, its summary, and the versions that fix it.

VCID-3tdp-fpt7-mycx
Aliases: CVE-2020-1937, GHSA-7hmh-8gwv-mfvq
Summary: SQL Injection. Kylin has some RESTful APIs which concatenate SQL with user-input strings, so a user is likely able to run malicious database queries.
Fixed by: 2.6.5 (affected by 4 other vulnerabilities), 3.0.1 (affected by 4 other vulnerabilities)

VCID-8ssr-ftym-kubw
Aliases: CVE-2020-1956, GHSA-gprm-xqrc-c2j3
Summary: OS Command Injection. Apache Kylin has some RESTful APIs which concatenate OS commands with user-input strings, so a user is likely able to execute any OS command without any protection or validation.
Fixed by: 2.6.6 (affected by 7 other vulnerabilities), 3.0.2 (affected by 3 other vulnerabilities)

VCID-8ye7-t531-b7hw
Aliases: CVE-2020-13937, GHSA-2hpg-vwqj-6h6w
Summary: Insecure Storage of Sensitive Information. Apache Kylin has one RESTful API which exposes Kylin's configuration information without any authentication; this is dangerous because some confidential configuration entries are disclosed to everyone.
Fixed by: 3.0.0-alpha (affected by 2 other vulnerabilities), 3.1.1 (affected by 0 other vulnerabilities), 4.0.0-beta (affected by 0 other vulnerabilities), 4.0.1 (affected by 0 other vulnerabilities)

VCID-jy58-3kzh-xfbz
Aliases: CVE-2020-13925, GHSA-qwfw-gxx2-mmv2
Summary: OS Command Injection. Similar to CVE-2020-1956, Kylin has one more RESTful API which concatenates the API inputs into OS commands and executes them on the server; the reported API lacks the necessary input validation, which gives attackers the possibility of executing OS commands remotely.
Fixed by: 3.1.0 (affected by 1 other vulnerability)

VCID-qvy9-qe44-kbf1
Aliases: CVE-2020-13926, GHSA-hx5g-8hq2-8x4w
Summary: SQL Injection. Kylin concatenates and executes a Hive SQL statement in the Hive CLI or beeline when building a new segment; part of the HQL comes from system configuration, and that configuration can be overwritten through a certain REST API, which makes an SQL injection attack possible.
Fixed by: 3.1.0 (affected by 1 other vulnerability)
Vulnerabilities fixed by this package (0)
This package is not known to fix any vulnerabilities.