Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HApache Druid
APPApache≤ 0.20.0
Powiązane podatności
Apache Druid – pominięcie uwierzytelnienia LDAP przez anonimowy bind
Apache Druid: słaby generator losowy umożliwia bypass uwierzytelnienia Kerberos
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow ...
Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input Durin...
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulat...