An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14cDRnLTV4ajYtNnZwcs4AAXoZ

Apache Drill vulnerable to Cross-site Scripting

In Apache Drill 1.11.0 and earlier, when submitting form from Query page, users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 8 months ago

CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-xp4g-5xj6-6vpr, CVE-2017-12630

Affected Packages

Versions: < 1.12.0
Fixed in: 1.12.0