6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-1937

GHSA ID

GHSA-7hmh-8gwv-mfvq

EPSS Score

0.92708%

CWE

CWE-89

Published

7/27/2020

Updated

2/1/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-1937

CVE-2020-1937:
SQL Injection in Kylin

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-1937

GHSA ID

GHSA-7hmh-8gwv-mfvq

EPSS Score

0.92708%

CWE

CWE-89

Published

7/27/2020

Updated

2/1/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.kylin:kylin-server-base	maven	< 2.6.5	2.6.5
org.apache.kylin:kylin-server-base	maven	= 3.0.0	3.0.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Kylin **s som* r*st*ul *pis w*i** will *on**t*n*t* SQLs wit* t** us*r input strin*, * us*r is lik*ly to ** **l* to run m*li*ious **t***s* qu*ri*s.

Reasoning

No *n*lysis *v*il**l*

6.5

Basic Information

Concerned about an active attack path?

CVE-2020-1937: SQL Injection in Kylin

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-1937:
SQL Injection in Kylin

Vulnerability Intelligence
Miggo AI