CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.kylin:kylin-server-base | maven | >= 2.0.0, < 4.0.3 | 4.0.3 |
The vulnerability stems from missing input validation of the jobId parameter in the dumpJobDiagnosisInfo method of DiagnosisController. The GitHub patch adds a call to ParameterFilter.checkParameter(jobId) so the value is checked before it is used. Before the patch, the unchecked jobId was handed to a service method that, given the nature of a diagnosis dump, most likely assembles and runs an OS command, so a crafted jobId could inject shell commands on the Kylin server. A practitioner reviewing the fix should note that a check of this kind is only as strong as the characters it rejects, and should confirm that nothing derived from jobId is still spliced into a command string rather than passed as a separate argument. The other changes in the same commit (removing getSparkSubmitCmd) appear to be cleanup rather than part of the fix.
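The pattern described above, as an added example that is not code from Apache Kylin or from the patch. It is written in Python rather than Java so it can be run directly; the contrast it shows (an opaque identifier spliced into a shell string versus the same identifier rejected by an allow-list check and then passed as a separate argument) is the same in either language. The job id format, the regex, the hostile input and the use of printf in place of a real diagnosis script are all constructed for the example; Kylin's actual ParameterFilter.checkParameter rules are not reproduced.

```python
import re
import subprocess

# Constructed inputs for the example (not taken from the advisory or the patch).
LEGIT_JOB_ID = "4c1a9f0e-3b2d-4e5f-9a8b-7c6d5e4f3a2b"
HOSTILE_JOB_ID = "x; echo INJECTED"

# Hypothetical allow-list: assume a job id must be a UUID. This stands in for a
# check such as Kylin's ParameterFilter.checkParameter; it is not that method.
JOB_ID_PATTERN = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


class BadParameter(ValueError):
    """Raised when a parameter fails the allow-list check."""


def check_parameter(job_id):
    """Reject anything that is not a well-formed job id; return it unchanged otherwise."""
    if not JOB_ID_PATTERN.fullmatch(job_id):
        raise BadParameter("rejected jobId: %r" % job_id)
    return job_id


def run_vulnerable(job_id):
    """Pre-patch shape: the untrusted id is concatenated into a shell command string.

    printf stands in for the diagnosis script; shell=True mirrors handing the
    whole string to /bin/sh. Returns the lines the shell produced.
    """
    cmd = "printf '%s\\n' " + job_id
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def run_hardened(job_id):
    """Post-patch shape plus defence in depth: validate first, then pass the id
    to the script as a positional argument instead of splicing it into the
    command text. (The argv step is the example's addition, not the patch's.)
    """
    argv = ["sh", "-c", "printf '%s\\n' \"$1\"", "sh", check_parameter(job_id)]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print("vulnerable, legit id: ", run_vulnerable(LEGIT_JOB_ID))
    print("vulnerable, hostile id:", run_vulnerable(HOSTILE_JOB_ID))
    print("hardened, legit id:    ", run_hardened(LEGIT_JOB_ID))
    try:
        run_hardened(HOSTILE_JOB_ID)
    except BadParameter as exc:
        print("hardened, hostile id:  ", exc)
```

With the hostile id the vulnerable path prints a second line, INJECTED, because the shell treats the `;` in the id as a command separator; the hardened path never reaches the shell at all, and even if the allow-list were loosened, a value passed through `"$1"` is printed literally rather than executed.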