This is an automated email from the ASF dual-hosted git repository.

xxyu pushed a commit to branch document
in repository https://gitbox.apache.org/repos/asf/kylin.git


The following commit(s) were added to refs/heads/document by this push:
     new 32de4a6  Rollback desc
32de4a6 is described below

commit 32de4a6ce5d2b6fa36abcb8242212b026c1c117d
Author: xxyu <hit_la...@126.com>
AuthorDate: Tue Jul 14 10:54:41 2020 +0800

    Rollback desc
---
 website/_docs/security.md | 69 -----------------------------------------------
 1 file changed, 69 deletions(-)

diff --git a/website/_docs/security.md b/website/_docs/security.md
index 8329608..2a87c9a 100644
--- a/website/_docs/security.md
+++ b/website/_docs/security.md
@@ -5,75 +5,6 @@ categories: docs
 permalink: /docs/security.html
 ---
 
-### 
[CVE-2020-13925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13925)
-
-_Severity_
-
-Important
-
-_Vendor_
-
-The Apache Software Foundation
-
-_Versions Affected_
-
-Kylin 2.3.0 to 2.3.2
-
-Kylin 2.4.0 to 2.4.1
-
-Kylin 2.5.0 to 2.5.2
-
-Kylin 2.6.0 to 2.6.6
-
-Kylin 3.0.0-alpha, Kylin 3.0.0-alpha2, Kylin 3.0.0-beta, Kylin 3.0.0 to Kylin 
3.0.2
-
-_Description_
-
-Similar with CVE-2020-1956, Kylin has one more restful api which will 
concatenate os command with the user
-input string, user is likely to be able to execute any os command without 
enough validation.
-
-_Mitigation_
-
-Users should upgrade to 3.1.0.
-
-_Credit_
-
-This issue was discovered by clanceyz.
-
-
-### 
[CVE-2020-13926]((https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13925))
-
-_Severity_
-
-Important
-
-_Vendor_
-
-The Apache Software Foundation
-
-_Versions Affected_
-
-Kylin 2.3.0 to 2.3.2
-
-Kylin 2.4.0 to 2.4.1
-
-Kylin 2.5.0 to 2.5.2
-
-Kylin 2.6.0 to 2.6.6
-
-Kylin 3.0.0-alpha, Kylin 3.0.0-alpha2, Kylin 3.0.0-beta, Kylin 3.0.0 to Kylin 
3.0.2
-
-_Description_
-
-Kylin will concatenate and execute HQL in Hive CLI or beeline when building 
new segment, some part of the HQL is changeable by the rest api, which make SQL 
injection attack is achievable.
-
-_Mitigation_
-
-Users should upgrade to 3.1.0.
-
-_Credit_
-
-This issue was discovered by Rupeng Wang.
 
 ### 
[CVE-2020-1937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1937) 
Apache Kylin SQL injection vulnerability
 
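Review bot: the commit message "Rollback desc" gives no reason for removing the CVE-2020-13925 and CVE-2020-13926 entries from website/_docs/security.md, and with them the affected-version lists and the "Users should upgrade to 3.1.0." mitigation leave the published security page. Please say in the message why the text is withdrawn and whether it is meant to return. If it is re-added later, correct the CVE-2020-13926 heading first: its link is written as `[CVE-2020-13926]((https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13925))`, so the doubled parentheses break the markdown link and the target names CVE-2020-13925 rather than CVE-2020-13926.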
