Product:

Drill

(Apache)
Repositories https://github.com/jquery/jquery-ui
#Vulnerabilities 6
Date Id Summary Products Score Patch Annotated
2024-07-24 CVE-2023-48362 XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue. Drill 8.8
2017-12-18 CVE-2017-12630 In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards. Drill 5.4
2019-04-22 CVE-2019-10241 In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. Activemq, Drill, Debian_linux, Jetty, Flexcube_core_banking, Rest_data_services, Retail_xstore_point_of_service 6.1
2019-05-23 CVE-2019-0201 An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request... Activemq, Drill, Zookeeper, Debian_linux, Element_software, Hci_bootstrap_os, Goldengate_stream_analytics, Siebel_core_\-_server_framework, Timesten_in\-Memory_database, Fuse 5.9
2019-07-30 CVE-2019-14439 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. Drill, Debian_linux, Jackson\-Databind, Fedora, Banking_platform, Communications_diameter_signaling_router, Communications_instant_messaging_server, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Goldengate_stream_analytics, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Jboss_middleware_text\-Only_advisories 7.5
2014-11-24 CVE-2010-5312 Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. Drill, Debian_linux, Drupal, Fedora, Jquery_ui, Snapcenter 6.1