VYPR

Maven package

org.apache.drill/drill-common

pkg:maven/org.apache.drill/drill-common

Vulnerabilities (1)

  • CVE-2017-12630MedDec 18, 2017
    affected < 1.12.0fixed 1.12.0

    In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may