mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-30 10:10:41 +00:00
21 lines
1.0 KiB
JSON
21 lines
1.0 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2024-45384",
|
||
|
|
"sourceIdentifier": "security@apache.org",
|
||
|
|
"published": "2024-09-17T19:15:28.100",
|
||
|
|
"lastModified": "2024-09-17T19:15:28.100",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"cveTags": [],
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.\nThis could allow an attacker to manipulate a pac4j session cookie.\n\nThis issue affects Apache Druid versions 0.18.0 through 30.0.0.\nSince the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability.\n\nWhile we are not aware of a way to meaningfully exploit this flaw, we \nnevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue\nand ensuring you have a strong \ndruid.auth.pac4j.cookiePassphrase as a precaution."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://lists.apache.org/thread/gr94fnp574plb50lsp8jw4smvgv1lbz1",
|
||
|
|
"source": "security@apache.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|