EPSS Percentile: 98.2%
druid-core is vulnerable to information disclosure. An attacker can bypass the application-level restriction and read data from sources other than those intended by passing a file URL to the HTTP InputSource.
github.com/apache/druid/commit/6b14bdb3a53d6aec45e485e6849956a69720ba3f
lists.apache.org/thread.html/r304dfe56a5dfe1b2d9166b24d2c74ad1c6730338b20aef77a00ed2be@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E
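A defensive check for the issue described above, added here as an example (it is not code from Apache Druid or from the advisory): it audits a submitted ingestion spec and reports any HTTP input source URI whose scheme is not http or https. It assumes Druid's ingestion-spec layout, in which an HTTP input source is an object with `"type": "http"` and a `uris` list; the allowlist, function names and sample spec are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: an HTTP input source should only ever fetch over these schemes.
ALLOWED_SCHEMES = {"http", "https"}

def find_http_input_sources(node):
    """Yield every object with "type": "http" and a "uris" field, at any depth."""
    if isinstance(node, dict):
        if node.get("type") == "http" and "uris" in node:
            yield node
        for value in node.values():
            yield from find_http_input_sources(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_http_input_sources(item)

def audit_spec(spec_text):
    """Return the URIs of HTTP input sources whose scheme is not allowlisted."""
    findings = []
    for source in find_http_input_sources(json.loads(spec_text)):
        uris = source["uris"]
        if not isinstance(uris, list):
            uris = [uris]
        for uri in uris:
            try:
                # urlsplit lower-cases the scheme, so "HTTP://" is accepted.
                scheme = urlsplit(str(uri).strip()).scheme
            except ValueError:
                scheme = ""  # unparseable URI: treat as not allowed
            if scheme not in ALLOWED_SCHEMES:
                findings.append(uri)
    return findings

# Constructed sample spec (not taken from the advisory).
SAMPLE_SPEC = json.dumps({
    "type": "index_parallel",
    "spec": {"ioConfig": {"type": "index_parallel", "inputSource": {
        "type": "http",
        "uris": ["https://data.example.com/events.json",
                 "file:///constructed/example/path.txt",
                 "HTTP://data.example.com/more.json"],
    }}},
})

if __name__ == "__main__":
    for uri in audit_spec(SAMPLE_SPEC):
        print("rejected input source URI:", uri)
```

A check like this fits in a review gate in front of the ingestion API; upgrading to a release that contains the referenced commit remains the fix.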