CVE-2021-25646

🗓️ 29 Jan 2021 19:15:12Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 11 Media mentions👁 307 Views🌐 WEB

Apache Druid 0.20.0 and earlier executes arbitrary JavaScript, allowing code execution

Reporter	Title	Published	Views	Family All 25
0day.today	Apache Druid 0.20.0 Remote Command Execution Exploit	27 Apr 202100:00	–	zdt
GithubExploit	Exploit for CVE-2021-25646	12 Dec 202114:40	–	githubexploit
GithubExploit	Exploit for CVE-2021-25646	4 Feb 202112:51	–	githubexploit
GithubExploit	Exploit for CVE-2021-25646	3 Feb 202103:59	–	githubexploit
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Druid affects watsonx.data	5 Sep 202417:49	–	ibm
ATTACKERKB	CVE-2021-25646	29 Jan 202100:00	–	attackerkb
Tenable Nessus	Apache Druid < 0.20.1 RCE (Direct Check)	30 Mar 202100:00	–	nessus
Circl	CVE-2021-25646	5 Feb 202123:22	–	circl
CNNVD	Apache Druid 访问控制错误漏洞	29 Jan 202100:00	–	cnnvd
CNVD	Apache Druid Access Control Error Vulnerability	1 Feb 202100:00	–	cnvd

NVD

Vulners

Node

apache druidRange≤0.20.0

[
  {
    "product": "Apache Druid",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.20.0",
        "status": "affected",
        "version": "0.20.0 and earlier",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/ra4225912f501016bc5e0ac44e14b8d6779173a3a1dc7baacaabcc9ba%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad%40%3Cdev.druid.apache.org%3E
packetstormsecurity	www.packetstormsecurity.com/files/162345/Apache-Druid-0.20.0-Remote-Command-Execution.html
lists	www.lists.apache.org/thread.html/r4f84b542417ea46202867c0a8b3eaf3b4cfed30e09174a52122ba210%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r20e0c3b10ae2c05a3aad40f1476713c45bdefc32c920b9986b941d8f%40%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/r121abe8014d381943b63c60615149d40bde9dc1c868bcee90d0d0848%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r87aa94e28dd21ee2252d30c63f01ab9cb5474ee5bdd98dd8d7d734aa%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r64431c2b97209f566b5dff92415e7afba0ed3bfab4695ebaa8a62e5d%40%3Cdev.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r7dff4790e7a5c697fc0360adf11f5aeb31cd6ad80644fffee690673c%40%3Ccommits.druid.apache.org%3E

Parameter	Position	Path	Description
spec.ioConfig.firehose.baseDir	request body	/druid/indexer/v1/sampler	RCE via user-provided JavaScript execution in Druid request body (CVE-2021-25646).
spec.dataSchema.parser.parseSpec.function	request body	/druid/indexer/v1/sampler	RCE via user-provided JavaScript execution in Druid request body (CVE-2021-25646).
type	request body	/druid/indexer/v1/sampler	RCE via user-provided JavaScript execution in Druid request body (CVE-2021-25646).
spec.ioConfig.firehose.type	request body	/druid/indexer/v1/sampler	RCE via user-provided JavaScript execution in Druid request body (CVE-2021-25646).
spec.dataSchema.parseSpec.format	request body	/druid/indexer/v1/sampler	RCE via user-provided JavaScript execution in Druid request body (CVE-2021-25646).

17 Jun 2026 03:42Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18.8

CVSS 29

EPSS0.99217

In Wild