Maven package
org.apache.druid/druid-core
pkg:maven/org.apache.druid/druid-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-36749 | — | < 0.22.0 | 0.22.0 | Sep 24, 2021 | In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server proce | ||
| CVE-2021-26920 | — | < 0.21.0 | 0.21.0 | Jul 2, 2021 | In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server proce |
- CVE-2021-36749Sep 24, 2021affected < 0.22.0fixed 0.22.0
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server proce
- CVE-2021-26920Jul 2, 2021affected < 0.21.0fixed 0.21.0
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server proce