Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
Fixes

Solution

No solution given by the vendor.


Workaround

Users of Kylin 2.x & Kylin 3.x should upgrade to 3.1.3 or apply patch https://github.com/apache/kylin/pull/1695. Users of Kylin 4.x should upgrade to 4.0.1 or apply patch https://github.com/apache/kylin/pull/1763.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T23:03:33.379Z

Reserved: 2021-04-21T00:00:00

Link: CVE-2021-31522

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-06T13:15:08.027

Modified: 2024-11-21T06:05:51.050

Link: CVE-2021-31522

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.