CNNVD-202510-356 Information

CNNVD ID

CNNVD-202510-356

Related CVE

CVE-2025-61735

• CNNVD Published: 2025-10-02

Description (Chinese)

Apache Kylin是美国阿帕奇（Apache）基金会的一款开源的分布式分析型数据仓库。该产品主要提供Hadoop/Spark之上的SQL查询接口及多维分析（OLAP）等功能。 Apache Kylin 4.0.0版本至5.0.2版本存在安全漏洞，该漏洞源于容易受到服务端请求伪造攻击。

Description (English)

Apache Kylin is an open source, distributed and analytical data warehouse for the Apache Foundation in the United States. The product provides, inter alia, SQL query interfaces and multi-dimensional analysis (OLAPs) on Hadoop/Spark. There is a security gap between Appache Kylin, Versions 4.0.0 and 5.0.2, which stems from the vulnerability of the service to requests for false attacks.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-10-02

Last Modified

2026-02-24

References

https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh

Patch

https://kylin.apache.org/