PT-2021-5951 · Apache · Apache Kylin

Jinchen Sheng · Published 2021-07-19 · Updated 2023-08-08 · CVE-2021-36774

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Kylin 2, versions 2.6.6 and prior; Apache Kylin 3, versions 3.1.2 and prior

Description: The issue lies in Apache Kylin's use of the MySQL JDBC driver. If certain driver properties are left unmitigated, a malicious MySQL server can cause arbitrary code to execute within Kylin server processes. The issue is exploitable by a remote attacker.

Recommendations: For Apache Kylin 2 versions 2.6.6 and prior, update to a version later than 2.6.6 to resolve the issue. For Apache Kylin 3 versions 3.1.2 and prior, update to a version later than 3.1.2 to resolve the issue. As a temporary workaround, consider restricting the use of the MySQL JDBC driver until a patch is available.

Fix

Weakness Enumeration

SQL injection

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2022-00468
CVE-2021-36774
GHSA-5429-PJWW-7675

Affected Products

Apache Kylin