CVE-2021-36774 is a vulnerability in Apache Kylin
Published on January 6, 2022
Mysql JDBC Connector Deserialize RCE
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
Products Associated with CVE-2021-36774
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-36774 are published in Apache Kylin:
Affected Versions
Apache Software Foundation Apache Kylin:- Version Apache Kylin 2, <= 2.6.6 is affected.
- Version Apache Kylin 3, <= 3.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.