CVE-2024-45384

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0.Since the druid-pac4j extension is optional and disabled by default, Druid installations not using th...

CVE-2025-27888

Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using ...