Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-mgpf-hhgf-cxg4

GitHub Security Advisory

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Affected Packages

Maven org.apache.kylin:kylin
Affected versions: 0 (fixed in 3.1.3)
Maven org.apache.kylin:kylin
Affected versions: 4.0.0 (fixed in 4.0.1)

Related CVEs

CVE-2021-45457

Key Information

GHSA ID
GHSA-mgpf-hhgf-cxg4
Published
January 8, 2022 12:43 AM
Last Modified
July 13, 2022 6:50 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.apache.kylin:kylin
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.