oss-sec mailing list archives
CVE-2021-44791: Apache Druid: Reflected XSS on certain HTTP endpoints
From: Abhishek Agarwal <abhishek () apache org>
Date: Thu, 07 Jul 2022 13:38:43 +0000
Severity: low

Description: In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.

Mitigation: Upgrade to Druid 0.23.0 or later.

Credit: This issue was discovered by DangKhai from Viettel Cyber Security
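The bug class the advisory describes (a URL parameter echoed unescaped into an HTML response) next to the escaped form, plus a check that tells the two apart; this is an added illustration, not Druid's code, and the endpoint path and `datasource` parameter are constructed placeholders, not the affected endpoints.

```python
"""Reflected parameter echo: vulnerable pattern, fixed pattern, and a post-upgrade check.
Constructed example; the URL, path and parameter name are hypothetical."""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed probe: harmless marker that contains HTML metacharacters so that a
# correctly escaped response can never contain it verbatim.
PROBE = '<"probe">'
SAMPLE_URL = "http://druid.example/hypothetical/endpoint?datasource=" + quote(PROBE)


def _param(url: str, name: str) -> str:
    """Return the first value of a query parameter, URL-decoded ('' if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def respond_unescaped(url: str) -> str:
    """Vulnerable pattern: raw query-parameter value interpolated into markup."""
    value = _param(url, "datasource")
    return f"<html><body>Unknown datasource: {value}</body></html>"


def respond_escaped(url: str) -> str:
    """Fixed pattern: HTML-escape the value before it reaches the response body.
    quote=True also escapes quotes, which matters inside attribute values."""
    value = html.escape(_param(url, "datasource"), quote=True)
    return f"<html><body>Unknown datasource: {value}</body></html>"


def reflects_unescaped(response_body: str, value: str = PROBE) -> bool:
    """True if the probe appears verbatim in the body, i.e. the parameter was
    reflected without escaping. Run this against a response captured after the
    upgrade to confirm the endpoint no longer echoes raw input."""
    return value in response_body


if __name__ == "__main__":
    for name, handler in (("unescaped", respond_unescaped), ("escaped", respond_escaped)):
        body = handler(SAMPLE_URL)
        print(f"{name}: reflected_unescaped={reflects_unescaped(body)}  body={body}")
```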