Apache Druid

Apache Druid Remote Code Execution Vulnerability Notice

abril 24, 2023

Overview Recently, NSFOCUS CERT found that an Apache Druid remote code execution vulnerability was publicly disclosed online. Under default configuration, Apache Druid supports loading data from Kafka. Unauthenticated remote attackers can implement JNDI injection attacks by modifying Kafka connection configuration properties, ultimately leading to the execution of arbitrary code on the server. Affected users should […]


Inscreva-se no Blog da NSFOCUS