8.8

CVE-2021-26919

EPSS 82.39%
Published 30.03.2021 08:15:11
Last modified 21.11.2024 05:57:02
Source security@apache.org
Teams watchlist Login
Open Login

Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2

Affected products Warnungen 0 Metrics 3 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Druid Version < 0.20.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	82.39%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad%40%3Cdev.druid.apache.org%3E

https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f%40%3Cdev.druid.apache.org%3E

https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872%40%3Ccommits.druid.apache.org%3E

https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864%40%3Ccommits.druid.apache.org%3E

https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697%40%3Cdev.druid.apache.org%3E

https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc%40%3Ccommits.druid.apache.org%3E

https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110%40%3Cdev.druid.apache.org%3E

https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f%40%3Cdev.druid.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2021-26919

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26919

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26919

EUVD