CVE-2021-45456 is a vulnerability in Apache Kylin
Published on January 6, 2022
Command injection
Apache Kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. In DiagnosisService there is a mismatch between the value that is checked and the value that is used as the shell command argument. As a result, an illegal project name may pass the check and reach the subsequent steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0.
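The check/use mismatch described above, as an added example that is not Apache Kylin's code. The class, the `normalize` helper, the `diag.sh` script name and the project list are all hypothetical, and the assumption is that the check runs on a normalised copy of the name while the raw name reaches the shell.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class ProjectNameCheck {
    // Constructed data: projects that exist in this hypothetical service.
    static final Set<String> PROJECTS = Set.of("learn_kylin");
    // Allow-list for the exact string that will be used as an argument.
    static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_]+");

    // Hypothetical normaliser: drops everything except letters, digits, underscore.
    static String normalize(String s) {
        return s.replaceAll("[^A-Za-z0-9_]", "");
    }

    // Flawed pattern: the existence check sees the normalised copy,
    // but the raw input is concatenated into a shell command line.
    static List<String> buildFlawed(String project) {
        if (!PROJECTS.contains(normalize(project))) {
            throw new IllegalArgumentException("unknown project");
        }
        return List.of("/bin/sh", "-c", "diag.sh " + project);
    }

    // Corrected pattern: validate the same string that is used, and pass it
    // as its own argv element so no shell ever parses it.
    static List<String> buildFixed(String project) {
        if (!SAFE.matcher(project).matches() || !PROJECTS.contains(project)) {
            throw new IllegalArgumentException("invalid project name");
        }
        return List.of("diag.sh", project);
    }

    public static void main(String[] args) {
        String raw = "learn_kylin;"; // constructed input containing a shell metacharacter
        // The check passes because normalize(raw) is "learn_kylin",
        // yet the unchecked ';' is still present in the command string.
        System.out.println("flawed: " + buildFlawed(raw));
        System.out.println("fixed (valid name): " + buildFixed("learn_kylin"));
        try {
            buildFixed(raw);
        } catch (IllegalArgumentException e) {
            System.out.println("fixed (raw input): rejected, " + e.getMessage());
        }
    }
}
```

The argument lists are only built and printed here; in a real service the corrected list would be handed to `ProcessBuilder` directly, without `/bin/sh -c`.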
Products Associated with CVE-2021-45456
Affected Versions
Apache Software Foundation Apache Kylin, version 4.0.0 (Apache Kylin 4), is affected by CVE-2021-45456
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.