CVE-2020-1937: SQL Injection

February 24, 2020 (updated July 15, 2020)

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

References

nvd.nist.gov/vuln/detail/CVE-2020-1937

Code Behaviors & Features

Detect and mitigate CVE-2020-1937 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →