### [CVE-2021-25646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25646)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Druid&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0.20.0%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution&color=brightgreen)

### Description

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.

### POC

#### Reference
- http://packetstormsecurity.com/files/162345/Apache-Druid-0.20.0-Remote-Command-Execution.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/12442RF/POC
- https://github.com/1n7erface/PocList
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Ares-X/VulWiki
- https://github.com/ArrestX/--POC
- https://github.com/Astrogeorgeonethree/Starred
- https://github.com/Astrogeorgeonethree/Starred2
- https://github.com/Atem1988/Starred
- https://github.com/Awrrays/FrameVul
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/DMW11525708/wiki
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/FDlucifer/firece-fish
- https://github.com/GhostTroops/TOP
- https://github.com/HimmelAward/Goby_POC
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/JD2344/SecGen_Exploits
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Ormicron/CVE-2021-25646-GUI
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/SYRTI/POC_to_review
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ShadowLance2/Apache-Druid-CVE-2021-25646-Exploit
- https://github.com/Shadowven/Vulnerability_Reproduction
- https://github.com/SouthWind0/southwind0.github.io
- https://github.com/SpiritixCS/ToolBox
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Vulnmachines/Apache-Druid-CVE-2021-25646
- https://github.com/W4nde3/toolkits
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/Yang0615777/PocList
- https://github.com/Z0fhack/Goby_POC
- https://github.com/adysec/POC
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bealright/Poc-Exp
- https://github.com/bigblackhat/oFx
- https://github.com/cc8700619/poc
- https://github.com/chengongpp/purge
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dnr6419/Druid_docker
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/errorecho/CVEs-Collection
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/givemefivw/CVE-2021-25646
- https://github.com/gobysec/Goby
- https://github.com/gps1949/CVE-2021-25646
- https://github.com/hktalent/bug-bounty
- https://github.com/huimzjty/vulwiki
- https://github.com/j2ekim/CVE-2021-25646
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/k7pro/CVE-2021-25646-exp
- https://github.com/langu-xyz/JavaVulnMap
- https://github.com/laoa1573/wy876
- https://github.com/lp008/CVE-2021-25646
- https://github.com/ltfafei/my_POC
- https://github.com/lucagioacchini/auto-pen-bench
- https://github.com/luobai8/CVE-2021-25646-exp
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oLy0/Vulnerability
- https://github.com/paultheal1en/auto_pen_bench_web
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/qiuluo-oss/Tiger
- https://github.com/ranhn/Goby-Poc
- https://github.com/sobinge/nuclei-templates
- https://github.com/soosmile/POC
- https://github.com/sparktsao/auto-pen-bench-study
- https://github.com/tiemio/RCE-PoC-CVE-2021-25646
- https://github.com/trhacknon/Pocingit
- https://github.com/tung6192/llm-security-hackathon
- https://github.com/tzwlhack/Vulnerability
- https://github.com/venkateshsunkari/Apache-Druid
- https://github.com/whoforget/CVE-POC
- https://github.com/xm88628/AfternoonTea
- https://github.com/yaunsky/cve-2021-25646
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve