{ "Name": "Apache Druid RCE (CVE-2021-25646)", "Description": "Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.", "Product": "Apache-Druid", "Homepage": "https://druid.apache.org/", "DisclosureDate": "2021-01-29", "Author": "itardc@163.com", "GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/Druid/CVE-2021-25646/CVE-2021-25646.gif", "FofaQuery": "title=\"Apache\" && title=\"Druid\"", "GobyQuery": "", "Level": "3", "Impact": "", "Recommendation": "", "References": [ "http://www.openwall.com/lists/oss-security/2021/01/29/6", "https://lists.apache.org/thread.html/r20e0c3b10ae2c05a3aad40f1476713c45bdefc32c920b9986b941d8f@%3Cannounce.apache.org%3E", "https://lists.apache.org/thread.html/r64431c2b97209f566b5dff92415e7afba0ed3bfab4695ebaa8a62e5d@%3Cdev.druid.apache.org%3E", "https://lists.apache.org/thread.html/rc167d5e57f3120578718a7a458ce3e73b3830ac4efbb1b085bd06b92@%3Cdev.druid.apache.org%3E", "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2021-25646", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25646", "https://f5.pm/go-57059.html" ], "HasExp": true, "ExpParams": null, "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": null, "ExploitSteps": null, "Tags": ["rce"], "CVEIDs": [ "CVE-2021-25646" ], "CVSSScore": "8.8", "AttackSurfaces": { "Application": ["Apache-Druid"], "Support": null, "Service": null, "System": null, "Hardware": null } }