3 matches found
Exploit for Incorrect Authorization in Apache Druid
CVE-2021-36749 Apache Druid 任意文件读取 受影响版本:version = 0.21.1 使...
CVE-2021-36749
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-36749 Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...