org.apache.druid.extensions:druid-protobuf-extensions (>=0.18.0 <=0.21.1) potentially affected by CVE-2021-36749 via org.apache.druid:druid-core (>=0.18.0 <=0.21.1)

org.apache.druid:druid-core MAVEN version =0.18.0, =0.18.0, =0.21.1 Source cves: CVE-2021-36749 Source advisory: OSV:GHSA-9P5G-VG43-MJ5R...

Information Disclosure

druid-core is vulnerable to information disclosure. An attacker is able to bypass the application-level restriction and read data from other sources than intended by passing a file URL to the HTTP InputSource...

org.apache.druid.extensions:druid-protobuf-extensions (>=0.18.0 <=0.20.2) potentially affected by CVE-2021-26920 +1 more via org.apache.druid:druid-core (>=0.18.0 <=0.20.2)

org.apache.druid:druid-core MAVEN version =0.18.0, =0.18.0, =0.20.2 Source cves: CVE-2021-26920, CVE-2023-26920 Source advisory: OSV:GHSA-793H-6F7R-6QVM...

Information Disclosure

druid-core is vulnerable to information disclosure. An attacker is able bypass the application-level restriction and read data from other sources than intended by passing a file URL to the HTTP InputSource...