
CVE-2021-36774: SQL Injection in Apache Kylin

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.73553%
Published: 1/8/2022
Updated: 8/8/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name: org.apache.kylin:kylin
Ecosystem: maven
Vulnerable Versions: < 3.1.3
First Patched Version: 3.1.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from unsafe handling of MySQL JDBC connection properties. The key functions are those involved in establishing the JDBC connection:

  1. Driver.connect() is the entry point for JDBC connections and would be responsible for processing connection URLs and properties.
  2. JdbcDataSource.createConnection() would handle the actual database connection logic.

Both would need to propagate unsafe properties such as 'autoDeserialize' to the MySQL driver for the RCE vector to be reachable. The high confidence comes from:
  • CWE-668 alignment (exposing Kylin to untrusted MySQL servers)
  • The patch context showing JDBC-related fixes
  • The MySQL driver's known risks with deserialization-related properties
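The mitigation that follows from this analysis is to validate a user-supplied JDBC URL and property set before it ever reaches Driver.connect(). The Java class below is an added illustration of that check, not code from Apache Kylin or from Miggo. It assumes a denylist approach: 'autoDeserialize' is the property named above, while the other entries are real MySQL Connector/J client-behaviour properties chosen here as an assumed list, and the class and method names are hypothetical. It requires Java 11 or later and only the standard library.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;

/**
 * Added example (not Apache Kylin or Miggo code): refuse MySQL Connector/J
 * properties that let a remote, attacker-controlled MySQL server influence
 * client-side behaviour, before a JDBC data source is registered.
 */
public final class JdbcPropertyGuard {

    // 'autoDeserialize' is the property named in the advisory above; the other
    // names are real Connector/J properties, but the list as a whole is an
    // assumption for this example, not Kylin's own denylist. Compared lowercase
    // because Connector/J property names are case-insensitive.
    private static final Set<String> DENIED = Set.of(
        "autodeserialize",
        "allowloadlocalinfile",
        "allowloadlocalinfileinpath",
        "allowurlinlocalinfile",
        "queryinterceptors",
        "statementinterceptors",
        "exceptioninterceptors"
    );

    /** Returns the denied property names present in the URL or Properties; empty means acceptable. */
    public static List<String> findDenied(String jdbcUrl, Properties props) {
        List<String> hits = new ArrayList<>();

        // Decode first so a percent-encoded key cannot slip past the comparison, then
        // scan the whole URL rather than only the "?key=value" tail: Connector/J also
        // accepts key=value pairs inside its "address=(...)" host syntax. A malformed
        // percent sequence makes URLDecoder throw, which is the fail-closed outcome we want.
        String decoded = URLDecoder.decode(jdbcUrl, StandardCharsets.UTF_8).toLowerCase(Locale.ROOT);
        for (String name : DENIED) {
            if (decoded.contains(name)) {
                hits.add(name);
            }
        }

        // Properties passed alongside the URL reach the driver too, so check them as well.
        if (props != null) {
            for (String key : props.stringPropertyNames()) {
                String k = key.toLowerCase(Locale.ROOT);
                if (DENIED.contains(k) && !hits.contains(k)) {
                    hits.add(k);
                }
            }
        }
        return hits;
    }

    /** Throws before any connection attempt is made, so the driver never sees the properties. */
    public static void requireSafe(String jdbcUrl, Properties props) {
        List<String> hits = findDenied(jdbcUrl, props);
        if (!hits.isEmpty()) {
            throw new IllegalArgumentException(
                "Refusing JDBC source: disallowed MySQL driver properties " + hits);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the host name is a placeholder, not a real system.
        String ok  = "jdbc:mysql://db.example.internal:3306/sales?useSSL=true";
        String bad = "jdbc:mysql://db.example.internal:3306/sales?autoDeserialize=true";

        Properties p = new Properties();
        p.setProperty("user", "reporting");

        requireSafe(ok, p);
        System.out.println("accepted: " + ok);

        try {
            requireSafe(bad, p);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The substring scan is deliberately coarse: it will also reject a harmless database name that happens to contain one of the denied words, which is an acceptable trade for a check that cannot be bypassed by alternative URL syntaxes. A stricter deployment would invert the approach and accept only an explicit allowlist of properties, since new driver options can appear in later Connector/J releases.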

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL ser

Reasoning

The vulnerability stems from unsafe handling of MySQL JDBC connection properties. Key functions are those involved in JDBC connection establishment: 1. Driver.connect() is the entry point for JDBC connections and would be responsible for processing