Main Vulnerability Database Exploits ID:6888 - Exploit for Security restrictions bypass in Apache Druid - CVE-2021-36749

ID:6888 - Exploit for Security restrictions bypass in Apache Druid - CVE-2021-36749

Published: October 14, 2021

Vulnerability identifier: #VU56850

Vulnerability risk: Low

CVE-ID: CVE-2021-36749

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Apache Druid

Link to public exploit:

https://github.com/dorkerdevil/CVE-2021-36749

Vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to a design error in the HTTP InputSource method, which allows a remote authenticated user to view contents of local files on the system.

Note, the vulnerability exists due to incomplete fix for #VU54554 (CVE-2021-26920).

Remediation

Install updates from vendor's website.

ID:6888 - Exploit for Security restrictions bypass in Apache Druid - CVE-2021-36749

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human