VulnerableCode Package Details - pkg:maven/org.apache.drill/drill-common@1.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-j9np-nr8n-x7cr Aliases: CVE-2017-12630 GHSA-xp4g-5xj6-6vpr	Cross-site Scripting In Apache Drill when submitting a form from the Query page, users are able to pass arbitrary script or HTML which will be rendered or executed on the Profile page. For example, after submitting script code that returns cookie information from the Query page, malicious users may obtain this information from the Profile page.	1.12.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mrdq-9pb2-3qb5 Aliases: CVE-2020-13956 GHSA-7r82-7xv7-xcpj	Cross-site scripting in Apache HttpClient Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.	1.19.0 Affected by 0 other vulnerabilities.
VCID-vaar-ytpp-eqc7 Aliases: CVE-2021-36090 GHSA-mc84-pj99-q6hh	Uncontrolled Resource Consumption When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.	1.19.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-j9np-nr8n-x7cr
Aliases:
CVE-2017-12630
GHSA-xp4g-5xj6-6vpr

Cross-site Scripting In Apache Drill when submitting a form from the Query page, users are able to pass arbitrary script or HTML which will be rendered or executed on the Profile page. For example, after submitting script code that returns cookie information from the Query page, malicious users may obtain this information from the Profile page.

1.12.0
Affected by 2 other vulnerabilities.

VCID-mrdq-9pb2-3qb5
Aliases:
CVE-2020-13956
GHSA-7r82-7xv7-xcpj

Cross-site scripting in Apache HttpClient Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

1.19.0
Affected by 0 other vulnerabilities.

VCID-vaar-ytpp-eqc7
Aliases:
CVE-2021-36090
GHSA-mc84-pj99-q6hh

Uncontrolled Resource Consumption When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

1.19.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:27:28.238042+00:00	GitLab Importer	Affected by	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2021-36090.yml	38.4.0
2026-04-16T21:14:42.259376+00:00	GitLab Importer	Affected by	VCID-mrdq-9pb2-3qb5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2020-13956.yml	38.4.0
2026-04-16T20:40:37.899141+00:00	GitLab Importer	Affected by	VCID-j9np-nr8n-x7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2017-12630.yml	38.4.0
2026-04-11T22:40:24.736780+00:00	GitLab Importer	Affected by	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2021-36090.yml	38.3.0
2026-04-11T22:26:49.318719+00:00	GitLab Importer	Affected by	VCID-mrdq-9pb2-3qb5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2020-13956.yml	38.3.0
2026-04-11T21:51:18.838427+00:00	GitLab Importer	Affected by	VCID-j9np-nr8n-x7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2017-12630.yml	38.3.0
2026-04-02T22:50:54.702602+00:00	GitLab Importer	Affected by	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2021-36090.yml	38.1.0
2026-04-02T22:38:32.867473+00:00	GitLab Importer	Affected by	VCID-mrdq-9pb2-3qb5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2020-13956.yml	38.1.0
2026-04-02T22:05:08.956789+00:00	GitLab Importer	Affected by	VCID-j9np-nr8n-x7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2017-12630.yml	38.1.0
2026-04-01T17:08:55.036961+00:00	GitLab Importer	Affected by	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2021-36090.yml	38.0.0
2026-04-01T16:55:57.912519+00:00	GitLab Importer	Affected by	VCID-mrdq-9pb2-3qb5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2020-13956.yml	38.0.0
2026-04-01T16:22:06.302748+00:00	GitLab Importer	Affected by	VCID-j9np-nr8n-x7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.drill/drill-common/CVE-2017-12630.yml	38.0.0