Author: lidong
Date: Wed May 20 01:59:30 2020
New Revision: 1877937

URL: http://svn.apache.org/viewvc?rev=1877937&view=rev
Log:
Add security issue of CVE-2020-1956

Modified:
    kylin/site/docs/security.html
    kylin/site/feed.xml

Modified: kylin/site/docs/security.html
URL: 
http://svn.apache.org/viewvc/kylin/site/docs/security.html?rev=1877937&r1=1877936&r2=1877937&view=diff
==============================================================================
--- kylin/site/docs/security.html (original)
+++ kylin/site/docs/security.html Wed May 20 01:59:30 2020
@@ -7752,6 +7752,40 @@ var _hmt = _hmt || [];
 
 <p>This issue was discovered by Jonathan Leitschuh</p>
 
+<h3 
id="cve-2020-1956httpscvemitreorgcgi-bincvenamecginamecve-2020-1956-apache-kylin-command-injection-vulnerability"><a
 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1956";>CVE-2020-1956</a>
 Apache Kylin command injection vulnerability</h3>
+
+<p><strong>Severity</strong></p>
+
+<p>Important</p>
+
+<p><strong>Vendor</strong></p>
+
+<p>The Apache Software Foundation</p>
+
+<p><strong>Versions Affected</strong></p>
+
+<p>Kylin 2.3.0 to 2.3.2</p>
+
+<p>Kylin 2.4.0 to 2.4.1</p>
+
+<p>Kylin 2.5.0 to 2.5.2</p>
+
+<p>Kylin 2.6.0 to 2.6.5</p>
+
+<p>Kylin 3.0.0-alpha, Kylin 3.0.0-alpha2, Kylin 3.0.0-beta, Kylin 3.0.0, Kylin 
3.0.1</p>
+
+<p><strong>Description</strong></p>
+
+<p>Kylin has some restful api which will concat os command with the user input 
string, a user is likely to be able to execute any os command without any 
protection or validation.</p>
+
+<p><strong>Mitigation</strong></p>
+
+<p>Users should upgrade to 3.0.2 or 2.6.6 or set 
kylin.tool.auto-migrate-cube.enabled to false to disable command execution.</p>
+
+<p><strong>Credit</strong></p>
+
+<p>This issue was discovered by Johannes Dahse</p>
+
                                                        </article>
                                                </div>
                                        </div>
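Review bot: The Description paragraph is too vague for an advisory: "some restful api" names no endpoint or feature, and nothing says whether the caller has to be authenticated, so an operator cannot tell from this text whether a deployment is exposed. The Mitigation paragraph relies on kylin.tool.auto-migrate-cube.enabled, but the Description never says what that setting has to do with the flaw; one sentence connecting the two would make the workaround understandable. Suggest tightening the wording as well, for example "Some Kylin REST APIs concatenate user input into an OS command without validation, which may allow a user to execute arbitrary OS commands", and wrapping the property name in a code element so it is not broken across lines or mistyped when copied.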

Modified: kylin/site/feed.xml
URL: 
http://svn.apache.org/viewvc/kylin/site/feed.xml?rev=1877937&r1=1877936&r2=1877937&view=diff
==============================================================================
--- kylin/site/feed.xml (original)
+++ kylin/site/feed.xml Wed May 20 01:59:30 2020
@@ -19,8 +19,8 @@
     <description>Apache Kylin Home</description>
     <link>http://kylin.apache.org/</link>
     <atom:link href="http://kylin.apache.org/feed.xml"; rel="self" 
type="application/rss+xml"/>
-    <pubDate>Mon, 18 May 2020 21:03:47 -0700</pubDate>
-    <lastBuildDate>Mon, 18 May 2020 21:03:47 -0700</lastBuildDate>
+    <pubDate>Tue, 19 May 2020 18:45:22 -0700</pubDate>
+    <lastBuildDate>Tue, 19 May 2020 18:45:22 -0700</lastBuildDate>
     <generator>Jekyll v2.5.3</generator>
     
       <item>
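Review bot: The only changes to feed.xml in this hunk are the regenerated pubDate and lastBuildDate values, so feed subscribers get no entry for CVE-2020-1956. If the advisory is meant to reach them, add an item for it; otherwise consider leaving the timestamp-only regeneration out of the commit so the revision contains just the security.html change.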

