CVE-2021-36774

 

Published at: - 06-01-2022 02:15

Last modified: - 13-01-2022 07:48

Total changes: - 2

Description

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow
• [oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2021-36774

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures