CVE-2021-36774: SQL Injection in Apache Kylin
CVSS Score: 6.5 (CVSS v3.1)
Basic Information
CVE ID: CVE-2021-36774
GHSA ID
EPSS Score: 0.73553%
CWE
Published: 1/8/2022
Updated: 8/8/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.kylin:kylin | maven | < 3.1.3 | 3.1.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from unsafe handling of MySQL JDBC connection properties. The key functions are those involved in establishing the JDBC connection:
- Driver.connect() is the entry point for JDBC connections and would be responsible for processing connection URLs and properties.
- JdbcDataSource.createConnection() would handle the actual database connection logic.

Both would need to propagate unsafe properties such as 'autoDeserialize' to the MySQL driver to enable the RCE vector. The high confidence comes from:
- CWE-668 alignment (exposing Kylin to untrusted MySQL servers)
- The patch context showing JDBC-related fixes
- The MySQL driver's known risks with deserialization-related properties
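The mitigation the analysis points at, as an added example that is not Kylin's own code: an allow-list filter that rejects any MySQL Connector/J property not explicitly permitted, whether it arrives in a Properties object or embedded in the JDBC URL query string, so 'autoDeserialize' never reaches the driver. The class name, the allow-list contents and the sample host are assumptions constructed for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
public final class JdbcPropertyGuard {
    // Assumed policy: only these Connector/J properties may reach the driver; anything else,
    // autoDeserialize included, is rejected outright rather than silently dropped.
    private static final Set<String> ALLOWED = Set.of("user", "password", "usessl",
        "requiressl", "connecttimeout", "sockettimeout", "characterencoding", "servertimezone");
    /** Checks every key embedded in the URL query string, then returns the URL without it. */
    public static String sanitizeUrl(String jdbcUrl) throws URISyntaxException {
        if (!jdbcUrl.startsWith("jdbc:mysql://")) {
            throw new IllegalArgumentException("Only jdbc:mysql:// URLs are accepted");
        }
        URI uri = new URI(jdbcUrl.substring("jdbc:".length())); // drop "jdbc:" so java.net.URI parses it
        String query = uri.getRawQuery();
        if (query != null) {
            for (String pair : query.split("&")) {
                requireAllowed(URLDecoder.decode(pair.split("=", 2)[0], StandardCharsets.UTF_8));
            }
        }
        return "jdbc:mysql://" + uri.getRawAuthority() + uri.getRawPath(); // settings travel via Properties only
    }
    /** Copies only allow-listed keys from a caller-supplied Properties object. */
    public static Properties sanitizeProperties(Properties supplied) {
        Properties clean = new Properties();
        for (String key : supplied.stringPropertyNames()) {
            requireAllowed(key);
            clean.setProperty(key, supplied.getProperty(key));
        }
        return clean;
    }
    // Case-insensitive match so a key spelled "AutoDeserialize" cannot bypass the check.
    private static void requireAllowed(String key) {
        if (!ALLOWED.contains(key.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("Disallowed JDBC property: " + key);
        }
    }
    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample input: a URL that tries to smuggle autoDeserialize into the driver.
        try {
            sanitizeUrl("jdbc:mysql://db.example.test:3306/kylin?autoDeserialize=true");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting rather than stripping unknown keys is deliberate: a silently dropped property hides a misconfiguration or tampering attempt that should surface in logs.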