Vulnerability: Apache Kylin 3.0.1 - Command Injection Vulnerability

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, have some RESTful APIs that concatenate an OS command with a user-supplied input string. Because no protection or validation is applied, a user is likely to be able to execute any OS command.
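
The concatenation pattern described above, next to a hardened form, as an added example that is not Apache Kylin code. The class, method, option and parameter names are hypothetical, and the sample inputs are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; all names here are hypothetical, not taken from Apache Kylin.
public class CommandBuilderExample {

    // Allowlist for an identifier-style parameter. The first character must be
    // alphanumeric so the value can never be read as a command-line option.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9_.-]{0,63}");

    // Vulnerable pattern: the user string is spliced into a shell command line,
    // so the shell interprets any metacharacters it contains.
    static List<String> buildUnsafe(String tool, String userValue) {
        String line = tool + " --name " + userValue;
        return List.of("/bin/sh", "-c", line);
    }

    // Hardened pattern: validate against the allowlist, then pass the value as
    // one argv element with no shell in between.
    static List<String> buildSafe(String tool, String userValue) {
        if (userValue == null || !SAFE_NAME.matcher(userValue).matches()) {
            throw new IllegalArgumentException("rejected parameter value");
        }
        List<String> argv = new ArrayList<>();
        argv.add(tool);
        argv.add("--name");
        argv.add(userValue);
        return argv;
    }

    public static void main(String[] args) {
        String tool = "/usr/bin/true";                   // placeholder binary
        String benign = "project_a";                     // constructed sample
        String hostile = "project_a; echo injected";     // constructed sample

        // Nothing is executed here; the argv lists are only printed for comparison.
        System.out.println("unsafe argv: " + buildUnsafe(tool, hostile));
        System.out.println("safe argv:   " + buildSafe(tool, benign));
        try {
            buildSafe(tool, hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("hostile value: " + e.getMessage());
        }
    }
}
```

Passing the list returned by `buildSafe` to `java.lang.ProcessBuilder` starts the tool directly, so the parameter reaches it as a single argument and is never parsed by a shell.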

Impact

Successful exploitation of this vulnerability can lead to unauthorized remote code execution and potential compromise of the affected server.

Severity

High

Verified

Unknown