What is CVE-2020-1937?

CVE-2020-1937 is a vulnerability found in Apache Kylin, allowing an attacker to run malicious database queries through RESTful APIs.

What is the severity of CVE-2020-1937?

The severity of CVE-2020-1937 is high, with a CVSS score of 8.8 out of 10.

Apache Kylin versions 2.3.0 to 2.3.2, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 2.6.0 to 2.6.4 are affected by CVE-2020-1937.

An attacker can exploit CVE-2020-1937 by concatenating SQLs with user input strings through the affected RESTful APIs.

Yes, you can find more information about CVE-2020-1937 and its references at the following links: <REFERENCE 1>, <REFERENCE 2>, <REFERENCE 3>.

8.8

CWE

24/2/2020

4/8/2024

First published: Mon Feb 24 2020(Updated: )

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

Credit: security@apache.org

What is CVE-2020-1937?
CVE-2020-1937 is a vulnerability found in Apache Kylin, allowing an attacker to run malicious database queries through RESTful APIs.
What is the severity of CVE-2020-1937?
The severity of CVE-2020-1937 is high, with a CVSS score of 8.8 out of 10.
Which versions of Apache Kylin are affected by CVE-2020-1937?
Apache Kylin versions 2.3.0 to 2.3.2, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 2.6.0 to 2.6.4 are affected by CVE-2020-1937.
How can an attacker exploit CVE-2020-1937?
An attacker can exploit CVE-2020-1937 by concatenating SQLs with user input strings through the affected RESTful APIs.
Are there any known references related to CVE-2020-1937?
Yes, you can find more information about CVE-2020-1937 and its references at the following links: <REFERENCE 1>, <REFERENCE 2>, <REFERENCE 3>.