CVE-2021-26919 is a vulnerability in Apache Druid
Published on March 30, 2021
Authenticated Apache Druid users can execute arbitrary code from malicious MySQL database systems.
Apache Druid allows users to read data from other database systems using JDBC. This functionality lets trusted users with the proper permissions set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties which, if left unmitigated, can allow an attacker to execute arbitrary code within Druid server processes from an attacker-controlled malicious MySQL server. This issue was addressed in Apache Druid 0.20.2.
Affected Versions
Apache Software Foundation Apache Druid: versions <= 0.20.1 are affected.