CNNVD-202510-357 Information

CNNVD ID

CNNVD-202510-357

Related CVE

CVE-2025-61734

• CNNVD Published: 2025-10-02

Description (Chinese)

Apache Kylin是美国阿帕奇（Apache）基金会的一款开源的分布式分析型数据仓库。该产品主要提供Hadoop/Spark之上的SQL查询接口及多维分析（OLAP）等功能。 Apache Kylin 4.0.0版本至5.0.2版本存在安全漏洞，该漏洞源于文件或目录可被外部访问，可能导致信息泄露。

Description (English)

Apache Kylin is an open source, distributed and analytical data warehouse for the Apache Foundation in the United States. The product provides, inter alia, SQL query interfaces and multi-dimensional analysis (OLAPs) on Hadoop/Spark. There is a security loophole between Appache Kylin, Versions 4.0.0 and 5.0.2, which stems from the fact that documents or directories can be accessed externally and may lead to information leaks.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-10-02

Last Modified

2026-02-24

References

https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2

Patch

https://kylin.apache.org/