CVE-2021-31522

Apache Kylin unsafe class loading

EPSS 2.9%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 Jan 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Affected products

Apache Software Foundation · Apache Kylin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/hh5crx3yr701zd8wtpqo1mww2rlkvznw http://www.openwall.com/lists/oss-security/2022/01/06/4