2 matches found
CVE-2023-31847
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side...
Remote Code Execution
Apache Druid is vulnerable to remote code execution. Certain properties supported by the MySQL JDBC driver allows an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes...