Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-04T12:32:14.207Z
Reserved: 2020-06-08T00:00:00
Link: CVE-2020-13925

No data.

Status : Modified
Published: 2020-07-14T13:15:11.437
Modified: 2024-11-21T05:02:09.647
Link: CVE-2020-13925

No data.

No data.