Vulnerabilities > Apache > Druid > 0.5.34
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-45537 | Unspecified vulnerability in Apache Druid Apache Druid allows users with certain permissions to read data from other database systems using JDBC. | 6.5 |
| 2022-07-07 | CVE-2021-44791 | Cross-site Scripting vulnerability in Apache Druid In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. | 6.1 |
| 2022-07-07 | CVE-2022-28889 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Druid In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. | 4.3 |
| 2021-09-24 | CVE-2021-36749 | Incorrect Authorization vulnerability in Apache Druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 6.5 |
| 2021-07-02 | CVE-2021-26920 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 6.5 |
| 2021-03-30 | CVE-2021-26919 | Unspecified vulnerability in Apache Druid Apache Druid allows users to read data from other database systems using JDBC. | 8.8 |
| 2021-01-29 | CVE-2021-25646 | Unspecified vulnerability in Apache Druid Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. | 8.8 |