Vulnerability Details CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, have some RESTful APIs that concatenate OS commands with the user input string; a user is likely to be able to execute any OS command without any protection or validation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.937
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Proposed Action
Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
Ransomware Campaign
Unknown
Products affected by CVE-2020-1956
  • Apache » Kylin » Version: 2.3.0
    cpe:2.3:a:apache:kylin:2.3.0
  • Apache » Kylin » Version: 2.3.1
    cpe:2.3:a:apache:kylin:2.3.1
  • Apache » Kylin » Version: 2.3.2
    cpe:2.3:a:apache:kylin:2.3.2
  • Apache » Kylin » Version: 2.4.0
    cpe:2.3:a:apache:kylin:2.4.0
  • Apache » Kylin » Version: 2.4.1
    cpe:2.3:a:apache:kylin:2.4.1
  • Apache » Kylin » Version: 2.5.0
    cpe:2.3:a:apache:kylin:2.5.0
  • Apache » Kylin » Version: 2.5.1
    cpe:2.3:a:apache:kylin:2.5.1
  • Apache » Kylin » Version: 2.5.2
    cpe:2.3:a:apache:kylin:2.5.2
  • Apache » Kylin » Version: 2.6.0
    cpe:2.3:a:apache:kylin:2.6.0
  • Apache » Kylin » Version: 2.6.1
    cpe:2.3:a:apache:kylin:2.6.1
  • Apache » Kylin » Version: 2.6.2
    cpe:2.3:a:apache:kylin:2.6.2
  • Apache » Kylin » Version: 2.6.3
    cpe:2.3:a:apache:kylin:2.6.3
  • Apache » Kylin » Version: 2.6.4
    cpe:2.3:a:apache:kylin:2.6.4
  • Apache » Kylin » Version: 2.6.5
    cpe:2.3:a:apache:kylin:2.6.5
  • Apache » Kylin » Version: 3.0.0
    cpe:2.3:a:apache:kylin:3.0.0
  • Apache » Kylin » Version: 3.0.1
    cpe:2.3:a:apache:kylin:3.0.1

