pkg:maven/org.apache.druid/druid

Type maven

Namespace org.apache.druid

Name druid

Known advisories, vulnerabilities and fixes for org.apache.druid/druid package.

Repository: https://mvnrepository.com/artifact/org.apache.druid/druid

High 2

Moderate 3

Type	Version	Distribution	# CVEs	# Advisory ID	Title	Severity	Published
Affected	< 0.23.0		CVE-2021-44791	MAVEN:GHSA-8RMV-98M4-G5C6	Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters	moderate	2022-07-08T00:00:43 (2 years ago)
Fixed	= 0.23.0		CVE-2021-44791	MAVEN:GHSA-8RMV-98M4-G5C6	Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters	moderate	2022-07-08T00:00:43 (2 years ago)
Affected	< 0.20.2		CVE-2021-26919	MAVEN:GHSA-JJ4F-P7VV-J4V9	Arbitrary code execution in Apache Druid	high	2021-06-16T17:51:58 (3 years ago)
Fixed	= 0.20.2		CVE-2021-26919	MAVEN:GHSA-JJ4F-P7VV-J4V9	Arbitrary code execution in Apache Druid	high	2021-06-16T17:51:58 (3 years ago)
Affected	< 0.23.0		CVE-2022-28889	MAVEN:GHSA-PGQ7-JCJ5-XX6H	Apache Druid before 0.23.0 vulnerable to clickjacking	moderate	2022-07-08T00:00:43 (2 years ago)
Fixed	= 0.23.0		CVE-2022-28889	MAVEN:GHSA-PGQ7-JCJ5-XX6H	Apache Druid before 0.23.0 vulnerable to clickjacking	moderate	2022-07-08T00:00:43 (2 years ago)
Affected	= 0.17.0		CVE-2020-1958	MAVEN:GHSA-QH2G-7H5P-MXF4	Credentials bypass in Apache Druid	moderate	2022-02-09T22:05:39 (2 years ago)
Fixed	= 0.17.1		CVE-2020-1958	MAVEN:GHSA-QH2G-7H5P-MXF4	Credentials bypass in Apache Druid	moderate	2022-02-09T22:05:39 (2 years ago)
Affected	< 0.20.1		CVE-2021-25646	MAVEN:GHSA-WRQF-RRRW-W3MG	Code injection in Apache Druid	high	2021-06-16T17:40:47 (3 years ago)
Fixed	= 0.20.1		CVE-2021-25646	MAVEN:GHSA-WRQF-RRRW-W3MG	Code injection in Apache Druid	high	2021-06-16T17:40:47 (3 years ago)