CVE Published: 30/12/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: apache |
Vendor: Apache Software Foundation |
Product: Apache Kylin Status : PUBLISHED
CVE-2022-43396 Description
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.