org.apache.druid:druid-processing@25.0.0 vulnerabilities
-
latest version
31.0.0
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
a month ago
-
licenses detected
- [0.13.0-incubating,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.druid:druid-processing package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Improper Input Validation when configuration a MySQL JDBC connection, which allows an attacker to use a crafted JDBC connection string to provide properties that are not on the properties allow list. Note: This is only exploitable for users with the permission to configure JDBC connections. How to fix Improper Input Validation? Upgrade |
[,30.0.1)
|
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the manipulation of the Note: Druid installations not using the druid-pac4j extension are not affected by this vulnerability. How to fix Improper Verification of Cryptographic Signature? Upgrade |
[0.18.0,30.0.1)
|