pkg:maven/org.apache.druid/druid
Type
maven
Namespace
org.apache.druid
Name
druid
Known advisories, vulnerabilities and fixes for org.apache.druid/druid package.
High
2
Moderate
3
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 0.23.0 |
CVE-2021-44791
|
MAVEN:GHSA-8RMV-98M4-G5C6 | Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters | moderate |
2022-07-08T00:00:43
(2 years ago) |
|
Fixed | = 0.23.0 |
CVE-2021-44791
|
MAVEN:GHSA-8RMV-98M4-G5C6 | Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters | moderate |
2022-07-08T00:00:43
(2 years ago) |
|
Affected | < 0.20.2 |
CVE-2021-26919
|
MAVEN:GHSA-JJ4F-P7VV-J4V9 | Arbitrary code execution in Apache Druid | high |
2021-06-16T17:51:58
(3 years ago) |
|
Fixed | = 0.20.2 |
CVE-2021-26919
|
MAVEN:GHSA-JJ4F-P7VV-J4V9 | Arbitrary code execution in Apache Druid | high |
2021-06-16T17:51:58
(3 years ago) |
|
Affected | < 0.23.0 |
CVE-2022-28889
|
MAVEN:GHSA-PGQ7-JCJ5-XX6H | Apache Druid before 0.23.0 vulnerable to clickjacking | moderate |
2022-07-08T00:00:43
(2 years ago) |
|
Fixed | = 0.23.0 |
CVE-2022-28889
|
MAVEN:GHSA-PGQ7-JCJ5-XX6H | Apache Druid before 0.23.0 vulnerable to clickjacking | moderate |
2022-07-08T00:00:43
(2 years ago) |
|
Affected | = 0.17.0 |
CVE-2020-1958
|
MAVEN:GHSA-QH2G-7H5P-MXF4 | Credentials bypass in Apache Druid | moderate |
2022-02-09T22:05:39
(2 years ago) |
|
Fixed | = 0.17.1 |
CVE-2020-1958
|
MAVEN:GHSA-QH2G-7H5P-MXF4 | Credentials bypass in Apache Druid | moderate |
2022-02-09T22:05:39
(2 years ago) |
|
Affected | < 0.20.1 |
CVE-2021-25646
|
MAVEN:GHSA-WRQF-RRRW-W3MG | Code injection in Apache Druid | high |
2021-06-16T17:40:47
(3 years ago) |
|
Fixed | = 0.20.1 |
CVE-2021-25646
|
MAVEN:GHSA-WRQF-RRRW-W3MG | Code injection in Apache Druid | high |
2021-06-16T17:40:47
(3 years ago) |