CVE-2017-12630 is a vulnerability in Apache Drill
Published on December 18, 2017
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
Products Associated with CVE-2017-12630
Want to know whenever a new CVE is published for Apache Drill? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Drill Version 1.11.0 and earlier is affected by CVE-2017-12630Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.