Filter
maven/org.apache.druid:druidApache Druid: Users can provide MySQL JDBC properties not on allow list
6.5
First published (updated )
maven/org.apache.druid.extensions:druid-pac4jApache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack
5.3
First published (updated )
Apache DruidReflected XSS on certain HTTP endpoints
6.1
First published (updated )
Apache DruidApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache DruidApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended
6.5
First published (updated )
Apache DruidApache Druid Authenticated users can execute arbitrary code from malicious MySQL database systems.
8.8
First published (updated )
Apache DruidAuthenticated users can override system configurations in their requests which allows them to execute arbitrary code.
First published (updated )
Apache DruidWhen LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set o…
6.5
First published (updated )