org.apache.druid.extensions:druid-basic-security@0.17.0 vulnerabilities

latest version

34.0.0

latest non vulnerable version

34.0.0

first published

6 years ago

latest version published

3 months ago

licenses detected

Apache-2.0
[0.13.0-incubating,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.druid.extensions:druid-basic-security package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H LDAP Injection org.apache.druid.extensions:druid-basic-security is a basic security package for Apache Druid. Affected versions of this package are vulnerable to LDAP Injection. When LDAP authentication is enabled in Apache Druid, callers of Druid APIs with a valid set of LDAP credentials can bypass the `credentialsValidator.userSearch` filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. How to fix LDAP Injection? Upgrade `org.apache.druid.extensions:druid-basic-security` to version 0.17.1 or higher.	[0.17.0,0.17.1)

LDAP Injection

org.apache.druid.extensions:druid-basic-security is a basic security package for Apache Druid.

Affected versions of this package are vulnerable to LDAP Injection. When LDAP authentication is enabled in Apache Druid, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid.

How to fix LDAP Injection?

Upgrade org.apache.druid.extensions:druid-basic-security to version 0.17.1 or higher.

[0.17.0,0.17.1)

Go back to all versions of this package