Количество 3
Количество 3
CVE-2021-26919
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2
CVE-2021-26919
Apache Druid allows users to read data from other database systems usi ...
GHSA-jj4f-p7vv-j4v9
Arbitrary code execution in Apache Druid
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-26919 Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2 | CVSS3: 8.8 | 79% Высокий | почти 5 лет назад |
| CVE-2021-26919 Apache Druid allows users to read data from other database systems usi ... | CVSS3: 8.8 | 79% Высокий | почти 5 лет назад |
| GHSA-jj4f-p7vv-j4v9 Arbitrary code execution in Apache Druid | CVSS3: 8.8 | 79% Высокий | больше 4 лет назад |
Уязвимостей на страницу