Security for everyone

CVE-2021-25646 Scanner

Detects the 'Code Injection' vulnerability in Apache Druid, which affects v. 0.20.0 and earlier.


Short Info


Level: High

Type: Single Scan

Can be used by: Asset Owner

Estimated Time: 30 sec

Scan only one: Url

Parent Category

CVE-2021-25646 Scanner Detail

Apache Druid is a data store that was built to meet the needs of large-scale, real-time analytics. It allows users to manage data sets in a distributed and scalable way, providing fast querying and analysis capabilities. The platform is used by businesses across various industries to support real-time data ingestion and queries, operational monitoring, and machine learning use cases.

However, a security vulnerability known as CVE-2021-25646 has recently been detected in the platform. It allows any authenticated user to send a specially crafted request that forces Druid to execute user-provided JavaScript code for that request, regardless of server configuration. An attacker can exploit it to execute code on the target server with the privileges of the Druid server process, which can lead to a range of malicious activities.

When this vulnerability is exploited, an attacker can gain access to sensitive data, including user credentials and intellectual property. They can install malware or ransomware on the server and take control of the system. Furthermore, they can use the compromised server to launch attacks on other systems, escalating the severity of the breach and causing significant harm to the organization.
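For asset owners who want to triage their own Druid hosts against the affected range stated above (0.20.0 and earlier), the following added example, which is not part of the scanner or of Apache Druid, classifies saved responses from Druid's /status endpoint by their "version" field. The hostnames and response bodies are constructed sample data, and the function names are hypothetical.

```python
import json
import re

# Upper bound of the affected range as stated on this page (0.20.0 and earlier).
LAST_AFFECTED = (0, 20, 0)

# Constructed sample inventory: host -> body of its /status response.
# Hostnames and versions are made up for this example.
SAMPLE_STATUS = {
    "druid-a.example.internal": '{"version": "0.20.0", "modules": []}',
    "druid-b.example.internal": '{"version": "0.16.1-incubating", "modules": []}',
    "druid-c.example.internal": '{"version": "0.20.1", "modules": []}',
    "druid-d.example.internal": '{"version": "24.0.0", "modules": []}',
    "druid-e.example.internal": '{"modules": []}',
    "druid-f.example.internal": '<html>502 Bad Gateway</html>',
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) or None; suffixes like -incubating are ignored."""
    m = _VERSION_RE.match(text.strip()) if isinstance(text, str) else None
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(status_body):
    """Classify one /status body as 'affected', 'not-affected' or 'unknown'."""
    try:
        doc = json.loads(status_body)
    except ValueError:
        return "unknown"  # not JSON, e.g. a proxy error page
    version = parse_version(doc.get("version")) if isinstance(doc, dict) else None
    if version is None:
        return "unknown"  # never treat an unreadable version as safe
    return "affected" if version <= LAST_AFFECTED else "not-affected"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(body) for host, body in inventory.items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_STATUS).items()):
        print(f"{verdict:13} {host}")
```

Hosts reported as "unknown" need a manual check, since a missing or unparseable version says nothing about whether the host is in the affected range.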

Thanks to the pro features of the securityforeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The website provides comprehensive vulnerability scanning and management to help organizations stay on top of cyber threats. By using the platform, businesses can ensure that their systems remain secure and are protected against the latest threats.

 
