Severity: low

Description:
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.

Mitigation:
Upgrade to Druid 0.23.0 or later.

Credit:
This issue was discovered by DangKhai from Viettel Cyber Security