Vulnerability in Apache Kylin
CVE-2020-13925
Similar to CVE-2020-1956, Kylin has one more RESTful API which concatenates the API inputs into OS commands and then executes them on the server; the reported API lacks the necessary input validation, which causes the hackers to have th…
EPSS: 0.847 (99.4th percentile)
Affected products
- N/a Apache Kylin: versions 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2
References
- lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4b… (x_refsource_MISC)
- [kylin-commits] 20200715 svn commit: r1879879 - in /kylin/site: docs/security.html feed.xml (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2020-13925?
- CVE-2020-13925 is a vulnerability in Apache Kylin. Published 2020-07-14.
- Is CVE-2020-13925 known to be exploited?
- 33 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.