Apache Druid Remote Code Execution Vulnerability Notice
abril 24, 2023
Overview Recently, NSFOCUS CERT found that an Apache Druid remote code execution vulnerability was publicly disclosed online. Under default configuration, Apache Druid supports loading data from Kafka. Unauthenticated remote attackers can implement JNDI injection attacks by modifying Kafka connection configuration properties, ultimately leading to the execution of arbitrary code on the server. Affected users should […]