{"id":"CVE-2021-44791","details":"In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.","aliases":["GHSA-8rmv-98m4-g5c6"],"modified":"2026-04-10T04:36:16.658551Z","published":"2022-07-07T19:15:07.790Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/lh2kcl4j45q7xj4w6rqf6kwf0mvyp2o6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/druid","events":[{"introduced":"0"},{"last_affected":"81e4da747d4fcfd15fa15bfebb942058152a3bba"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.22.1"}]}}],"versions":["druid-0.1.0","druid-0.1.1","druid-0.1.10","druid-0.1.11","druid-0.1.12","druid-0.1.13","druid-0.1.14","druid-0.1.2","druid-0.1.3","druid-0.1.4","druid-0.1.6","druid-0.1.7","druid-0.1.8","druid-0.1.9","druid-0.22.0","druid-0.22.0-rc1","druid-0.22.1","druid-0.22.1-rc1","druid-0.22.1-rc2","druid-0.3.10","druid-0.3.11","druid-0.3.12","druid-0.3.13","druid-0.3.14","druid-0.3.15","druid-0.3.16","druid-0.3.18","druid-0.3.20","druid-0.3.21","druid-0.3.22","druid-0.3.24","druid-0.3.25","druid-0.3.27","druid-0.3.28","druid-0.3.29","druid-0.3.30","druid-0.3.31","druid-0.3.32","druid-0.3.33","druid-0.3.34","druid-0.3.4","druid-0.3.5","druid-0.3.6","druid-0.4.0","druid-0.4.1","druid-0.4.10","druid-0.4.11","druid-0.4.12","druid-0.4.15","druid-0.4.16","druid-0.4.17","druid-0.4.18","druid-0.4.19","druid-0.4.2","druid-0.4.20","druid-0.4.21","druid-0.4.22","druid-0.4.23","druid-0.4.24","druid-0.4.25","druid-0.4.26","druid-0.4.27","druid-0.4.28","druid-0.4.29","druid-0.4.3","druid-0.4.30","druid-0.4.31","druid-0.4.32","druid-0.4.5","druid-0.4.6","druid-0.4.7","druid-0.4.8","druid-0.4.9","druid-0.5.0","druid-0.5.1","druid-0.5.10","druid-0.5.11","druid-0.5.13","druid-0.5.14","druid-0.5.15","druid-0.5.16","druid-0.5.17","druid-0.5.18","druid-0.5.19","druid-0.5.2","druid-0.5.20","druid-0.5.21","druid-0.5.22","druid-0.5.23","druid-0.5.24","druid-0.5.25","druid-0.5.26","druid-0.5.27","druid-0.5.29","druid-0.5.3","druid-0.5.30","druid-0.5.31","druid-0.5.32","druid-0.5.33","druid-0.5.34","druid-0.5.35","druid-0.5.38","druid-0.5.39","druid-0.5.41","druid-0.5.42","druid-0.5.43","druid-0.5.44","druid-0.5.45","druid-0.5.46","druid-0.5.47","druid-0.5.48","druid-0.5.49","druid-0.5.5","druid-0.5.51","druid-0.5.52","druid-0.5.53","druid-0.5.54","druid-0.5.56","druid-0.5.57","druid-0.5.58","druid-0.5.7","druid-0.5.8","druid-0.5.9","druid-0.6.0","druid-0.6.1","druid-0.6.10","druid-0.6.100","druid-0.6.101","druid-0.6.102","druid-0.6.103","druid-0.6.104","druid-0.6.105","druid-0.6.106","druid-0.6.107","druid-0.6.108","druid-0.6.109","druid-0.6.11","druid-0.6.110","druid-0.6.111","druid-0.6.112","druid-0.6.113","druid-0.6.114","druid-0.6.115","druid-0.6.116","druid-0.6.117","druid-0.6.118","druid-0.6.119","druid-0.6.12","druid-0.6.120","druid-0.6.121","druid-0.6.122","druid-0.6.123","druid-0.6.124","druid-0.6.125","druid-0.6.126","druid-0.6.127","druid-0.6.128","druid-0.6.129","druid-0.6.13","druid-0.6.130","druid-0.6.131","druid-0.6.132","druid-0.6.133","druid-0.6.134","druid-0.6.135","druid-0.6.136","druid-0.6.137","druid-0.6.138","druid-0.6.139","druid-0.6.14","druid-0.6.140","druid-0.6.141","druid-0.6.142","druid-0.6.143","druid-0.6.144","druid-0.6.145","druid-0.6.146","druid-0.6.147","druid-0.6.148","druid-0.6.149","druid-0.6.15","druid-0.6.150","druid-0.6.151","druid-0.6.152","druid-0.6.153","druid-0.6.154","druid-0.6.155","druid-0.6.156","druid-0.6.157","druid-0.6.158","druid-0.6.159","druid-0.6.16","druid-0.6.160","druid-0.6.17","druid-0.6.18","druid-0.6.19","druid-0.6.2","druid-0.6.20","druid-0.6.21","druid-0.6.22","druid-0.6.23","druid-0.6.24","druid-0.6.25","druid-0.6.26","druid-0.6.27","druid-0.6.28","druid-0.6.29","druid-0.6.3","druid-0.6.30","druid-0.6.31","druid-0.6.32","druid-0.6.33","druid-0.6.34","druid-0.6.35","druid-0.6.36","druid-0.6.37","druid-0.6.38","druid-0.6.39","druid-0.6.4","druid-0.6.40","druid-0.6.41","druid-0.6.42","druid-0.6.45","druid-0.6.46","druid-0.6.47","druid-0.6.48","druid-0.6.49","druid-0.6.5","druid-0.6.50","druid-0.6.51","druid-0.6.52","druid-0.6.53","druid-0.6.54","druid-0.6.55","druid-0.6.56","druid-0.6.57","druid-0.6.58","druid-0.6.59","druid-0.6.60","druid-0.6.61","druid-0.6.62","druid-0.6.63","druid-0.6.64","druid-0.6.65","druid-0.6.66","druid-0.6.68","druid-0.6.69","druid-0.6.7","druid-0.6.70","druid-0.6.71","druid-0.6.72","druid-0.6.73","druid-0.6.74","druid-0.6.75","druid-0.6.76","druid-0.6.77","druid-0.6.78","druid-0.6.79","druid-0.6.8","druid-0.6.81","druid-0.6.82","druid-0.6.83","druid-0.6.84","druid-0.6.85","druid-0.6.86","druid-0.6.87","druid-0.6.88","druid-0.6.89","druid-0.6.9","druid-0.6.90","druid-0.6.91","druid-0.6.92","druid-0.6.93","druid-0.6.94","druid-0.6.95","druid-0.6.96","druid-0.6.97","druid-0.6.98","druid-0.6.99","druid-0.7.0","druid-0.7.0-rc1","druid-0.7.0-rc2","druid-0.7.0-rc3","druid-0.7.1","druid-0.7.1-rc1","druid-0.8.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44791.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}