Home > Vulnerability Database > CVE-2020-13926

Mend.io Vulnerability Database

CVE-2020-13926

Good to know:

Date: July 21, 2020

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous versions after 2.0 should upgrade to 3.1.0.

Language: Java

Severity Score

5.5

Related Resources (4)

Url: https://lists.apache.org/thread.html/r63d5663169e866d44ff9250796193337cff7d9cf61cc3839e86163fd%40%3Cuser.kylin.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-13926

Url: https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2020-13926

Severity Score

5.5

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version org.apache.kylin:kylin-server-base:3.1.0

Learn More

CVSS v3

Base Score:	5.5
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE

CVSS v2

Base Score:	7.5
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-13926

Good to know:

Date: July 21, 2020

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?