PT-2022-1875 · Apache · Apache Kylin

Alvaro Munoz · Published 2022-01-06 · Updated 2022-01-13 · CVE-2021-45456

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Kylin version 4.0.0

Description: Apache Kylin 4.0.0 contains a command injection vulnerability caused by a mismatch between the project name that is checked and the project name that is actually used in the DiagnosisService. An attacker may be able to execute arbitrary commands by passing an illegal project name. The root cause is a lack of input data sanitization.

Recommendations: For Apache Kylin version 4.0.0, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Command Injection

Related Identifiers

BDU:2022-01379
CVE-2021-45456
GHSA-HW3M-8H25-8FRW

Affected Products

Apache Kylin