GHSA-xp4g-5xj6-6vpr

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Apache Drill vulnerable to Cross-site Scripting

In Apache Drill 1.11.0 and earlier, when submitting form from Query page, users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

Ссылки

Пакеты

Наименование

org.apache.drill:drill-common

maven

Затронутые версииВерсия исправления

< 1.12.0

1.12.0

EPSS

Процентиль: 72%

0.0072

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2017-12630

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-12630

CVSS3: 5.4

nvd

около 8 лет назад

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

EPSS

Процентиль: 72%

0.0072

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2017-12630

Дефекты

CWE-79