CVE-2021-31522

CVE-2021-31522: Apache Kylin unsafe class loading

Vendor Apache Software Foundation

Product Apache Kylin

Published January 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Key dates

Disclosure timeline

January 6, 2022 CVE published

August 3, 2024 Record updated

Identifiers

CVE CVE-2021-31522

Affected versions

Vendor Apache Software Foundation

Product Apache Kylin

Affected ≥ Apache Kylin 2 and ≤ 2.6.6

Vendor Apache Software Foundation

Product Apache Kylin

Affected ≥ Apache Kylin 3 and ≤ 3.1.2

Vendor Apache Software Foundation

Product Apache Kylin

Affected ≥ Apache Kylin 4 and ≤ 4.0.0