Severity: important Description:
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request. Work Arounds: Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch https://github.com/apache/kylin/pull/2011 https://github.com/apache/kylin/pull/2011 Credit: Messy God <godime...@gmail.com> (finder) References: https://kylin.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-44621