Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read...
7.5CVSS
7.3AI Score
0.001EPSS
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before...
7.5CVSS
7.5AI Score
0.003EPSS
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the...
7.5CVSS
8.4AI Score
0.001EPSS
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this...
5.4CVSS
5.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title...
6.1CVSS
5.9AI Score
0.002EPSS