CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27888 – Apache Druid: Server-Side Request Forgery and Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2025-27888
20 Mar 2025 — Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authe... • https://lists.apache.org/thread/c0qo989pwtrqkjv6xfr0c30dnjq8vf39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45537 – Apache Druid: Users can provide MySQL JDBC properties not on allow list
https://notcve.org/view.php?id=CVE-2024-45537
17 Sep 2024 — Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC co... • https://lists.apache.org/thread/2ovx1t77y6tlkhk5b42clp4vwo4c8cjv • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45384 – Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack
https://notcve.org/view.php?id=CVE-2024-45384
17 Sep 2024 — Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the ... • https://lists.apache.org/thread/gr94fnp574plb50lsp8jw4smvgv1lbz1 • CWE-209: Generation of Error Message Containing Sensitive Information •