Author: lidong
Date: Tue Jul 14 03:11:21 2020
New Revision: 1879845
URL: http://svn.apache.org/viewvc?rev=1879845&view=rev
Log: Rollback desc
Modified: kylin/site/docs/security.html kylin/site/feed.xml Modified: kylin/site/docs/security.html URL: http://svn.apache.org/viewvc/kylin/site/docs/security.html?rev=1879845&r1=1879844&r2=1879845&view=diff ============================================================================== --- kylin/site/docs/security.html (original) +++ kylin/site/docs/security.html Tue Jul 14 03:11:21 2020 
@@ -8400,76 +8400,7 @@ var _hmt = _hmt || []; <article class="post-content" > - <h3 id="cve-2020-13925httpscvemitreorgcgi-bincvenamecginamecve-2020-13925"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13925">CVE-2020-13925</a></h3> - -<p><em>Severity</em></p> - -<p>Important</p> - -<p><em>Vendor</em></p> - -<p>The Apache Software Foundation</p> - -<p><em>Versions Affected</em></p> - -<p>Kylin 2.3.0 to 2.3.2</p> - -<p>Kylin 2.4.0 to 2.4.1</p> - -<p>Kylin 2.5.0 to 2.5.2</p> - -<p>Kylin 2.6.0 to 2.6.6</p> - -<p>Kylin 3.0.0-alpha, Kylin 3.0.0-alpha2, Kylin 3.0.0-beta, Kylin 3.0.0 to Kylin 3.0.2</p> - -<p><em>Description</em></p> - -<p>Similar with CVE-2020-1956, Kylin has one more restful api which will concatenate os command with the user<br /> -input string, user is likely to be able to execute any os command without enough validation.</p> - -<p><em>Mitigation</em></p> - -<p>Users should upgrade to 3.1.0.</p> - -<p><em>Credit</em></p> - -<p>This issue was discovered by clanceyz.</p> - -<h3 id="cve-2020-13926httpscvemitreorgcgi-bincvenamecginamecve-2020-13925"><a href="(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13925)">CVE-2020-13926</a></h3> - -<p><em>Severity</em></p> - -<p>Important</p> - -<p><em>Vendor</em></p> - -<p>The Apache Software Foundation</p> - -<p><em>Versions Affected</em></p> - -<p>Kylin 2.3.0 to 2.3.2</p> - -<p>Kylin 2.4.0 to 2.4.1</p> - -<p>Kylin 2.5.0 to 2.5.2</p> - -<p>Kylin 2.6.0 to 2.6.6</p> - -<p>Kylin 3.0.0-alpha, Kylin 3.0.0-alpha2, Kylin 3.0.0-beta, Kylin 3.0.0 to Kylin 3.0.2</p> - -<p><em>Description</em></p> - -<p>Kylin will concatenate and execute HQL in Hive CLI or beeline when building new segment, some part of the HQL is changeable by the rest api, which make SQL injection attack is achievable.</p> - -<p><em>Mitigation</em></p> - -<p>Users should upgrade to 3.1.0.</p> - -<p><em>Credit</em></p> - -<p>This issue was discovered by Rupeng Wang.</p> - -<h3 
id="cve-2020-1937httpscvemitreorgcgi-bincvenamecginamecve-2020-1937-apache-kylin-sql-injection-vulnerability"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1937">CVE-2020-1937</a> Apache Kylin SQL injection vulnerability</h3> + <h3 id="cve-2020-1937httpscvemitreorgcgi-bincvenamecginamecve-2020-1937-apache-kylin-sql-injection-vulnerability"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1937">CVE-2020-1937</a> Apache Kylin SQL injection vulnerability</h3> <p><strong>Severity</strong></p> Modified: kylin/site/feed.xml URL: http://svn.apache.org/viewvc/kylin/site/feed.xml?rev=1879845&r1=1879844&r2=1879845&view=diff ============================================================================== --- kylin/site/feed.xml (original) +++ kylin/site/feed.xml Tue Jul 14 03:11:21 2020 @@ -19,8 +19,8 @@ <description>Apache Kylin Home</description> <link>http://kylin.apache.org/</link> <atom:link href="http://kylin.apache.org/feed.xml" rel="self" type="application/rss+xml"/> - <pubDate>Wed, 08 Jul 2020 06:59:12 -0700</pubDate> - <lastBuildDate>Wed, 08 Jul 2020 06:59:12 -0700</lastBuildDate> + <pubDate>Mon, 13 Jul 2020 20:00:42 -0700</pubDate> + <lastBuildDate>Mon, 13 Jul 2020 20:00:42 -0700</lastBuildDate> <generator>Jekyll v2.5.3</generator> <item>
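Review bot: in the security.html hunk, the log message "Rollback desc" does not say why the CVE-2020-13925 and CVE-2020-13926 advisory text is being withdrawn or when it will come back, and this removal is the page's only record of those two issues; please state the reason (for example, holding the advisories until the 3.1.0 release that the Mitigation text already points to) so the next editor does not re-add them by mistake. When the text is restored, fix the CVE-2020-13926 heading: its `href` is wrapped in literal parentheses, `<a href="(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13925)">`, and both that link and the heading `id` (`cve-2020-13926httpscvemitreorgcgi-bincvenamecginamecve-2020-13925`) point at CVE-2020-13925 rather than 13926, so the anchor is broken and misleading. The description "Similar with CVE-2020-1956" should also read "Similar to CVE-2020-1956", and a stray `<br />` splits that sentence mid-line.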
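Review bot: in the feed.xml hunk the only change is the Jekyll-generated `pubDate`/`lastBuildDate` bump from 08 Jul to 13 Jul 2020, which is expected regenerated output; since this commit removes content rather than adding it, please confirm that the regenerated `<item>` list that follows still matches the rolled-back security page, otherwise feed subscribers may continue to see entries for the withdrawn advisories.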