CVE-2022-43396

Published: 2022-12-30T11:15Z

Last Modified: 2025-04-11T15:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt