Vulnerabilities > Apache > Druid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-07 | CVE-2021-44791 | Cross-site Scripting vulnerability in Apache Druid In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. | 4.3 |
| 2022-07-07 | CVE-2022-28889 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Druid In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. | 4.3 |
| 2021-09-24 | CVE-2021-36749 | Incorrect Authorization vulnerability in Apache Druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 6.5 |
| 2021-07-02 | CVE-2021-26920 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 6.5 |
| 2021-03-30 | CVE-2021-26919 | Unspecified vulnerability in Apache Druid Apache Druid allows users to read data from other database systems using JDBC. | 8.8 |
| 2021-01-29 | CVE-2021-25646 | Unspecified vulnerability in Apache Druid 0.4.8 Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. | 8.8 |
| 2020-04-01 | CVE-2020-1958 | Injection vulnerability in Apache Druid 0.17.0 When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. | 6.5 |