CVE-2021-36774 is a vulnerability in Apache Kylin
Published on January 6, 2022
Mysql JDBC Connector Deserialize RCE
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
Products Associated with CVE-2021-36774
Want to know whenever a new CVE is published for Apache Kylin? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Kylin:- Version Apache Kylin 2, <= 2.6.6 is affected.
- Version Apache Kylin 3, <= 3.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.