Is org.apache.kylin:kylin-core-common affected by CVE-2020-1956?

Maven org.apache.kylin:kylin-core-common is affected in =3.0.0 <3.0.2.

Is CVE-2020-1956 being exploited?

Yes — it is on the CISA Known Exploited Vulnerabilities (KEV) list.

high exploited in the wild

CVE-2020-1956

Q: Is CVE-2020-1956 being exploited?

Yes — it is on the CISA Known Exploited Vulnerabilities (KEV) list.

Maven · org.apache.kylin:kylin-core-common

Summary

Command Injection in Kylin

Severity: high
EPSS: 98.0% (p100)
Also known as: GHSA-gprm-xqrc-c2j3
Published: 2020-07-27

References

https://nvd.nist.gov/vuln/detail/CVE-2020-1956
https://github.com/apache/kylin/commit/58fad56ac6aaa43c6bd8f962d7f2d84438664092
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1956

Related advisories

CVE-2025-61733 — high · Maven/org.apache.kylin:kylin-core-common
CVE-2025-61735 — high · Maven/org.apache.kylin:kylin-core-common
CVE-2025-61734 — high · Maven/org.apache.kylin:kylin-core-common
CVE-2023-29055 — high · Maven/org.apache.kylin:kylin-core-common

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.