Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Drill
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13956 3 Apache, Oracle, Quarkus 13 Drill, Httpclient, Data Integrator and 10 more 2021-11-30 5.0 MEDIUM 5.3 MEDIUM
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
CVE-2017-12630 1 Apache 1 Drill 2018-01-05 3.5 LOW 5.4 MEDIUM
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.