{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T22:26:32.046","vulnerabilities":[{"cve":{"id":"CVE-2020-13926","sourceIdentifier":"security@apache.org","published":"2020-07-14T13:15:11.517","lastModified":"2024-11-21T05:02:09.750","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Kylin concatenates and executes a Hive SQL statement in Hive CLI or beeline when building a new segment; part of the HQL comes from system configuration, and that configuration can be overwritten through certain REST APIs, which makes a SQL injection attack possible. Users of all previous versions after 2.0 should upgrade to 3.1.0."},{"lang":"es","value":"Kylin concatena y ejecuta un Hive SQL en Hive CLI o en beeline cuando se construye un nuevo segmento; alguna parte de la HQL proviene de las configuraciones del sistema, mientras que la configuración puede ser sobrescrita con determinada API rest, lo que hace posible el ataque de inyección SQL. Los usuarios de todas las versiones anteriores después de 2.0 deben actualizar a la versión 3.1.0"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"3.1.0","matchCriteriaId":"EAB24F64-EAD4-4DD1-92C1-32FE5F2F3E18"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf%40%3Ccommits.kylin.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r63d5663169e866d44ff9250796193337cff7d9cf61cc3839e86163fd%40%3Cuser.kylin.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf%40%3Ccommits.kylin.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r63d5663169e866d44ff9250796193337cff7d9cf61cc3839e86163fd%40%3Cuser.kylin.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}