3 matches found
Apache Druid - Server-Side Request Forgery
Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the concatenateForRewrite method in JettyUtils when the management proxy is enabled - which it is in the default configuration. An attacker can manipulate the URL to redirect requests to an arbitrary...
Open Redirect
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect via the redirect, FORWARDURL, noSuchEntryRedirect, and other parameters that rely on the HtmlUtil.escapeRedirect process. An attacker can redirect...