5 matches found
EUVD-2021-0835
Malware in sbrugna...
GHSA-HXP5-8PGQ-MGV9 Missing Authentication for Critical Function in Apache Calcite
"HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite...
CVE-2020-13955
HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapter...
Design/Logic Flaw
HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapter...
CVE-2020-13955
CVE-2020-13955 affects Apache Calcite: HttpUtils#getURLConnection disables hostname verification for HTTPS, enabling potential MITM attacks and information leakage when Calcite adapters connect to Druid or Splunk. The issue originates from a utility method that can be used to create vulnerable HT...