Apache Kylin漏洞

参考:

  • https://nvd.nist.gov/vuln/detail/CVE-2020-1956
  • Apache Kylin历史漏洞分析
  • https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706
  • https://developer.baidu.com/topic/show/290847

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.

据说环境不好搭,还是用docker吧。

你可能感兴趣的:(java)