Apache · Apache Kylin · CVE-2022-43396
**Name of the Vulnerable Software and Affected Versions**
Apache Kylin (affected versions not specified)
**Description**
The issue arises from a fix that filters user-supplied commands with a blacklist; a blacklist of known-bad patterns is at risk of being bypassed, since it says nothing about which program actually runs. An attacker who can set the `kylin.engine.spark-cmd` parameter of `conf` can therefore potentially control the command that gets executed.
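To illustrate the weakness described above, here is an added example (hypothetical code, not from Apache Kylin) that contrasts a substring blacklist with an allowlist check for a command-like configuration value such as `kylin.engine.spark-cmd`; the set of permitted executables and the flag pattern are constructed assumptions.

```python
"""Blacklist vs. allowlist validation of a command-like config value.

Hypothetical code written for this advisory; it is not Apache Kylin's own
implementation. The executable set and flag grammar are constructed examples.
"""
import os
import re
import shlex
from typing import List, Optional

# Weak approach: reject values containing a handful of known-bad substrings.
# Anything not on this list, including an entirely different program, passes.
BLACKLIST = (";", "&&", "||", "`", "$(", "|")


def blacklist_allows(cmd: str) -> bool:
    """Return True if the value contains none of the blacklisted substrings."""
    return not any(bad in cmd for bad in BLACKLIST)


# Stronger approach: accept only a bare executable name from a fixed set,
# followed by flags that match a strict grammar. The resulting argv list is
# meant to be passed to subprocess.run(argv) with shell=False, so the shell
# never interprets the value at all.
ALLOWED_EXECUTABLES = {"spark-submit", "spark-shell"}  # constructed example set
FLAG_RE = re.compile(r"^--[a-z][a-z0-9-]*(=[A-Za-z0-9_./:-]+)?$")


def allowlist_parse(cmd: str) -> Optional[List[str]]:
    """Return an argv list if cmd is a known executable plus safe flags, else None."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # e.g. unbalanced quotes
        return None
    if not argv:
        return None
    exe = argv[0]
    # Reject paths ("/tmp/spark-submit"); only bare names resolved via PATH are allowed.
    if os.path.basename(exe) != exe or exe not in ALLOWED_EXECUTABLES:
        return None
    if not all(FLAG_RE.match(arg) for arg in argv[1:]):
        return None
    return argv
```

The blacklist accepts a value naming an unrelated program as long as it contains no shell metacharacters, whereas the allowlist rejects anything that is not an expected executable with well-formed flags.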
**Recommendations**
At the moment, there is no information available here about a newer version that contains a fix for this vulnerability.