1. Home
  2. Vulnerabilities
  3. CVE-2021-26919

CVE-2021-26919

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 6.5 (Medium)
65% Progress
EPSS 1.23 % (86th)
1.23% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2

Weaknesses
CWE-NVD-noinfo
Related CVEs
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2021-03-30 08:15:11
(3 years ago)
Updated Date
2023-11-07 03:31:49
(10 months ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Druid prior 0.20.2 version cpe:2.3:a:apache:druid < 0.20.2