Apache Druid - Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the concatenateForRewrite method in JettyUtils when the management proxy is enabled - which it is in the default configuration. An attacker can manipulate the URL to redirect requests to an arbitrary...

GHSA-2XCR-P767-F3RV Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect

Severity: medium 5.8 / important Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the...

CVE-2025-27888

Severity: medium 5.8 / important Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the...

CVE-2025-27888 Apache Druid: Server-Side Request Forgery and Cross-Site Scripting

Severity: medium 5.8 / important Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the...

CVE-2025-27888 Apache Druid: Server-Side Request Forgery and Cross-Site Scripting

Severity: medium 5.8 / important Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the...

PT-2025-12331

Apache Druid and Affected Versions Apache Druid versions prior to 31.0.2 and prior to 32.0.1 Description Apache Druid is susceptible to Server-Side Request Forgery SSRF, Cross-Site Scripting XSS, and Open Redirect issues. When the Druid management proxy is used, a specially crafted URL in a reque...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in idcCMS v1.35, which originates from a cross-site request forgery vulnerability in the...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in idcCMS v1.35, which originates from a cross-site request forgery vulnerability in the...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS version 1.35, which is vulnerable to cross-site request forgery CSRF attacks...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS version 1.35, which is vulnerable to cross-site request forgery CSRF attacks...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS version 1.35, which is vulnerable to cross-site request forgery CSRF attacks...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS version 1.35, which is vulnerable to cross-site request forgery CSRF attacks...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS version 1.35, which is vulnerable to cross-site request forgery CSRF attacks...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS v1.35, which originates from the component /admin/keyWorddeal.php?mudi=add containing a cross-site...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS v1.35, which originates from the component /admin/ipRecorddeal.php?mudi=add that contains cross-sit...

Net Titanium Technology idcCMS 跨站请求伪造漏洞

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology Net Titanium Technology. A cross-site request forgery vulnerability exists in version 1.35 of idcCMS, which originates from the file...