Apache Druid Vulnerabilities

Apache Apache Druid vulnerabilities.

17 September 2024

Apache Druid: Users can provide MySQL JDBC properties not on allow list
CVE-2024-45537
ApacheApache Druid6.5MEDIUM

7 July 2022

24 September 2021

Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
CVE-2021-36749
ApacheApache Druid👾🟡EPSS 92%6.5MEDIUM

2 July 2021

Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended
CVE-2021-26920
ApacheApache Druid6.5MEDIUM

30 March 2021

Apache Druid Authenticated users can execute arbitrary code from malicious MySQL database systems.
CVE-2021-26919
ApacheApache Druid8.8HIGH

29 January 2021

Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
CVE-2021-25646
ApacheApache Druid👾🟡EPSS 97%8.8HIGH

1 April 2020

CVE-2020-1958
ApacheApache Druid👾🟡6.5MEDIUM

No more vulnerabilities to load.