Advisories for Maven/Org.apache.drill/Drill-Common package

2021
2020
2017

Cross-site Scripting

In Apache Drill when submitting a form from the Query page, users are able to pass arbitrary script or HTML which will be rendered or executed on the Profile page. For example, after submitting script code that returns cookie information from the Query page, malicious users may obtain this information from the Profile page.