pkg:Maven/org.apache.kylin:kylin

All known vulnerabilities

• CRITICAL9.1CVE-2024-23590Apache Kylin Session Fixation vulnerability
  >= 2.0.0, < 5.0.0
• HIGH8.8CVE-2022-43396Apache Kylin vulnerable to Command injection by Useless configuration
  >= 2.0.0, < 4.0.3
• HIGH7.5CVE-2025-61733Apache Kylin Authentication Bypass Vulnerability
  >= 4.0.0, < 5.0.3
• HIGH7.5CVE-2025-61734Apache Kylin Files or Directories Accessible to External Parties
  >= 4.0.0, < 5.0.3
• HIGH7.5CVE-2021-45457In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
  from 0, < 3.1.3
• HIGH7.5CVE-2021-45458Use of Hard-coded Credentials in Apache Kylin
  from 0, < 3.1.3
• HIGH7.3CVE-2025-61735Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability
  >= 4.0.0, < 5.0.3
• MEDIUM6.5CVE-2021-36774SQL Injection in Apache Kylin
  from 0, < 3.1.3
• MEDIUM5.3CVE-2020-13937Authentication bypass in Apache Kylin
  from 0, < 3.1.1
• —CVE-2025-30067Apache Kylin Code Injection via JDBC Configuration Alteration
  >= 4.0.0, < 5.0.2
• —CVE-2021-27738Server-Side Request Forgery in Apache Kylin
  from 0, < 3.1.3
• —CVE-2021-31522Kylin can receive user input and load any class through Class.forName(...).
  from 0, < 3.1.3
• —CVE-2021-45456Command Injection in Apache Kylin
  from 0, < 4.0.1