CVE-2021-36774
CVE-2021-36774 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. EPSS estimates a 1.95% chance of exploitation in the next 30 days.
Description
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Kylin | >= 2.0.0, <= 2.6.6 |
| Apache | Kylin | >= 3.0.0, <= 3.1.2 |
References
- http://www.openwall.com/lists/oss-security/2022/01/06/5 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow (Mailing List, Vendor Advisory)
Source: NVD / NIST
