Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
druid vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-26919
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can ...
Apache Druid
6.1
CVSSv3
CVE-2021-44791
In Apache Druid 0.22.1 and previous versions, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
Apache Druid
8.8
CVSSv3
CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and previous versions, it is possible for an a...
Apache Druid
13 Github repositories
6.5
CVSSv3
CVE-2021-26920
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server proce...
Apache Druid
1 Github repository
4.3
CVSSv3
CVE-2022-28889
In Apache Druid 0.22.1 and previous versions, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
Apache Druid
6.5
CVSSv3
CVE-2021-36749
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server proce...
Apache Druid
6 Github repositories
7.5
CVSSv3
CVE-2021-33800
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.
Alibaba Druid 1.2.3
6.5
CVSSv3
CVE-2020-1958
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject ...
Apache Druid 0.17.0
1 Github repository
5.4
CVSSv3
CVE-2023-29839
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
Digitaldruid Hotel Druid 3.0.4
1 Github repository
8.8
CVSSv3
CVE-2022-22909
HotelDruid v3.0.3 exists to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
Digitaldruid Hoteldruid 3.0.3
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »