How severe is CVE-2021-25646?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-25646?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2021-25646 - HIGH Severity | CVSS 8.8

Vulnerability Description

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.

Related Vulnerabilities

CVE-2008-3431

HIGH

CVSS:8.8(High)

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with th...

NVD-CWE-Other2008

CVE-2010-3730

HIGH

CVSS:8.8(High)

Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web sit...

NVD-CWE-Other2010

CVE-2011-2668

HIGH

CVSS:8.8(High)

Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header

NVD-CWE-Other2011

CVE-2012-1856

HIGH

CVSS:8.8(High)

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Ser...

NVD-CWE-Other2012

CVE-2012-3490

HIGH

CVSS:8.8(High)

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befor...

NVD-CWE-Other2012

CVE-2012-6307

HIGH

CVSS:8.8(High)

A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code

NVD-CWE-Other2012