Apache · Kylin · CVE-2020-13925
**Name of the Vulnerable Software and Affected Versions**
Kylin versions prior to 3.1.0
**Description**
The issue allows hackers to execute OS commands remotely due to missing input validation in a restful API. This API concatenates user inputs into OS commands and executes them on the server.
**Recommendations**
For versions prior to 3.1.0, upgrade to version 3.1.0 to resolve the issue.