CVE-2024-45384

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0.Since the druid-pac4j extension is optional and disabled by default, Druid installations not using th...

CVE-2024-45537

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide f...