Headline
CVE-2021-44791
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
Email display mode:
Modern rendering
Legacy rendering
Related news
GHSA-8rmv-98m4-g5c6: Cross site scripting in Apache Druid
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.