CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-26 05:17:47 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2
CVEs-PoC/2021/CVE-2021-26919.md
T
marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00

25 lines
1.3 KiB
Markdown
Raw Blame History

### [CVE-2021-26919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26919)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Druid&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Apache%20Druid%3C%3D%200.20.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution&color=brighgreen)
### Description
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Awrrays/FrameVul
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Threekiii/Awesome-POC
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/tzwlhack/Vulnerability
Reference in New Issue View Git Blame Copy Permalink