2 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when operator-imposed boundlocations restrictions are in effect, due to missing validation of Azure-issued JWTs against vmname or vmssname values. A user can bypass the intended geographic restrictions by...
PT-2021-17176 · Apache +1 · Apache Druid +1
Name of the Vulnerable Software and Affected Versions: Apache Druid versions prior to 0.20.2 Description: The issue allows an attacker to execute arbitrary code from a malicious MySQL server within Druid server processes due to certain properties in the MySQL JDBC driver. This functionality is...