Key information

Vulnerability description
CVE ID: CVE-2024-45384
Affected component: Apache Druid: Padding oracle in druid-pac4j extension
Affected versions: Apache Druid 0.18.0 through 30.0.0
Description: Padding Oracle vulnerability in Apache Druid extension, druid-pac4j, allowing an attacker to manipulate a pac4j session cookie via Padding Oracle Attack.

Scope of impact
Affected component status: Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability.

Recommended action
Recommended upgrade: Upgrade to version 30.0.1 or higher, which fixes the issue and ensures you have a strong as a precaution.

Reference links
Official site: https://druid.apache.org
CVE record: https://www.cve.org/CVERecord?id=CVE-2024-45384

Other information
Credit: mr-n30 (reporter)
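The two conditions above (version in the affected range, druid-pac4j actually loaded) can be checked mechanically during triage. The following is an added example, not code from the advisory or from the Druid project; it assumes the operator supplies the Druid version string and the text of the runtime properties file, where extensions are listed under `druid.extensions.loadList`. The sample configuration is constructed.

```python
import json
import re

# Affected range and extension name as stated in the advisory.
FIRST_AFFECTED = (0, 18, 0)
LAST_AFFECTED = (30, 0, 0)
EXTENSION = "druid-pac4j"


def parse_version(text):
    """Turn '30.0.0' or '0.23.0-SNAPSHOT' into a comparable tuple of three ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def loaded_extensions(properties_text):
    """Return the extensions named by druid.extensions.loadList in a properties file."""
    # Join backslash line continuations, as Java .properties files allow.
    joined = re.sub(r"\\\r?\n[ \t]*", "", properties_text)
    extensions = []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")):
            continue  # a commented-out loadList does not load anything
        m = re.match(r"druid\.extensions\.loadList\s*[=:]\s*(.*)$", line)
        if m:
            extensions = json.loads(m.group(1))  # last definition wins
    return extensions


def is_affected(version_text, properties_text):
    """True when the version is in the affected range and druid-pac4j is loaded."""
    in_range = FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED
    return in_range and EXTENSION in loaded_extensions(properties_text)


# Constructed sample configuration, not taken from a real deployment.
SAMPLE_PROPERTIES = """\
# common.runtime.properties (constructed)
druid.extensions.loadList=["druid-basic-security", \\
    "druid-pac4j", "druid-kafka-indexing-service"]
"""

if __name__ == "__main__":
    for version in ("0.17.1", "29.0.1", "30.0.0", "30.0.1"):
        print(version, is_affected(version, SAMPLE_PROPERTIES))
```

A pre-release suffix such as `-SNAPSHOT` is ignored, so a build labelled `30.0.0-SNAPSHOT` is treated as 30.0.0 and reported as affected.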