Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-q656-g2x3-8cgh

GitHub Security Advisory

Kylin can receive user input and load any class through Class.forName(...).

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Affected Packages

Maven org.apache.kylin:kylin
Affected versions: 0 (fixed in 3.1.3)
Maven org.apache.kylin:kylin
Affected versions: 4.0.0 (fixed in 4.0.1)

Related CVEs

CVE-2021-31522

Key Information

GHSA ID
GHSA-q656-g2x3-8cgh
Published
January 8, 2022 12:43 AM
Last Modified
January 7, 2022 11:21 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.apache.kylin:kylin
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.