Medium severity 5.4 · NVD Advisory · Published Dec 18, 2017 · Updated Jun 17, 2026
CVE-2017-12630
Description
In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.drill:drill-common (Maven) | < 1.12.0 | 1.12.0 |
Affected products
- Apache Software Foundation/Apache Drill (v5) · Range: 1.11.0 and earlier
References
- github.com/advisories/GHSA-xp4g-5xj6-6vpr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-12630 (ghsa, ADVISORY)
- lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923@%3Cdev.drill.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E (nvd)