Latest medium severity vulnerabilities for "apache druid"

Where

AND

Sort:

Versions

0.17.0

0.18.0

0.22.1

Apache DruidApache Druid: Server-Side Request Forgery and Cross-Site Scripting

Risk 32

Severity

5.8

EPSS

0.04%

First published (updated )

CVE-2025-27888

maven/org.apache.druid:druidApache Druid: Users can provide MySQL JDBC properties not on allow list

Risk 40

Severity

6.5

First published (updated )

CVE-2024-45537

Apache DruidApache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack

Risk 29

Severity

5.3

First published (updated )

CVE-2024-45384

Apache DruidClickjacking in the web console

Risk 22

Severity

4.3

First published (updated )

CVE-2022-28889

Apache DruidReflected XSS on certain HTTP endpoints

Risk 38

Severity

6.1

First published (updated )

CVE-2021-44791

maven/org.apache.druid:druid-coreApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)

Risk 39

Severity

6.5

First published (updated )

CVE-2021-36749

maven/org.apache.druid:druid-coreApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended

Risk 40

Severity

6.5

First published (updated )

CVE-2021-26920

Apache DruidWhen LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set o…

Risk 38

Severity

6.5

First published (updated )

CVE-2020-1958

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Trending

Versions

Apache DruidApache Druid: Server-Side Request Forgery and Cross-Site Scripting

maven/org.apache.druid:druidApache Druid: Users can provide MySQL JDBC properties not on allow list

Apache DruidApache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack

Apache DruidClickjacking in the web console

Apache DruidReflected XSS on certain HTTP endpoints

Don't miss critical vulnerabilities

maven/org.apache.druid:druid-coreApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)

maven/org.apache.druid:druid-coreApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended

Apache DruidWhen LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set o…

Company

Resources

Contact