Apache Kylin unsafe class loading
CVE-2021-31522
9.8CRITICAL
What is CVE-2021-31522?
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
Affected Version(s)
Apache Kylin Apache Kylin 2 <= 2.6.6
Apache Kylin Apache Kylin 3 <= 3.1.2
Apache Kylin Apache Kylin 4 <= 4.0.0