PT-2024-31590 · Apache · Apache Druid
Name of the Vulnerable Software and Affected Versions: Apache Druid versions 0.18.0 through 30.0.0 Description: The issue is a Padding Oracle vulnerability in the Apache Druid extension, druid-pac4j, which could allow an attacker to manipulate a pac4j session cookie. Since the druid-pac4j extensi...