📦 Kylin
by Apache
⚠️ Known Vulnerabilities
This CVE describes a session fixation vulnerability in Apache Kylin that allows attackers to hijack user sessions by fixing session identifiers before authentication. It affects all Apache Kylin deplo...
This vulnerability in Apache Kylin allows remote attackers to execute arbitrary code by exploiting unsafe reflection through Class.forName() with user-controlled input. It affects all Apache Kylin ver...
Apache Kylin 4.0.0 contains a command injection vulnerability in DiagnosisService where improper validation of project names allows attackers to execute arbitrary shell commands. This vulnerability af...
This vulnerability in Apache Kylin allows unauthorized external parties to access sensitive files or directories if administrative access controls are insufficient. It affects Apache Kylin versions 4....
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin that allows attackers to make unauthorized requests from the server to internal or external systems. It affects Ap...
This CVE describes an authentication bypass vulnerability in Apache Kylin that allows attackers to access protected functionality without proper credentials. It affects all Apache Kylin deployments ru...
This CVE describes a code injection vulnerability in Apache Kylin where attackers with admin access can modify JDBC connection configurations to execute arbitrary remote code. It affects Apache Kylin ...
Apache Kylin versions 2.0.0 to 4.0.3 expose server credentials through an unencrypted web interface that displays the kylin.properties file contents. Attackers can intercept network traffic to steal c...
Apache Kylin's PasswordPlaceholderConfigurer uses hardcoded encryption keys and initialization vectors, making encrypted passwords easily decryptable by anyone who knows the algorithm. This affects us...
This vulnerability allows unauthenticated attackers to manipulate Apache Kylin's streaming cube management and replica sets via unprotected REST API endpoints. Attackers can perform administrative act...