Apache Druid is a distributed data processing system that supports real-time multi-dimensional OLAP analysis. Druid provides low latency (real-time) data ingestion, and the most common scenario for Druid is the multi-dimensional and flexible OLAP analysis, due to big data background. Druid also supports pre-aggregation ingestion and aggregation analysis of data, based on time stamps, so some users use it in scenarios with time-series data processing and analysis.


On Feb 1, 2021, the Sangfor Security Team verified an Apache Druid remote code execution vulnerability CVE-2021-25646, classified as critical. The vulnerability is due to a lack of authentication in Apache Druid by default. Attackers can directly construct malicious requests to execute arbitrary code and control servers.


Apache Druid is a data store designed for high-performance OLAP queries fragment analysis on large data sets. It is also used as a data store for GUI analysis applications, or as a back-end for high-concurrency APIs that require fast aggregation. Apache Druid is often used for clickstream analysis (web and mobile analysis), network telemetry analysis (network performance monitoring), server index storage, supply chain analysis (manufacturing index), application performance measurement, digital marketing/advertising analysis, business intelligence and online analytical processing. There are more than 30,000 available hosts in the world that are potentially vulnerable to remote code execution.

Affected versions:

Apache Druid version earlier than 0.20.1


Jan 27, 2021 Apache Druid released a security bulletin.
Feb 1, 2021 Sangfor FarSight Labs detected the attack information of this vulnerability and released a vulnerability alert.


Apache has released a new version to fix this vulnerability. Please download and install it from the following link:

Listen To This Post


Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

Cyber Security

Ransomware Attacks in Asia on the Rise, Are You Next?

Date : 09 Aug 2022
Read Now

Cyber Security

How to Level Up Your Incident Response Plan

Date : 28 Jul 2022
Read Now

Cyber Security

What is a Phishing Attack and How to Defend Against Them

Date : 27 Jul 2022
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
NGAF - Next Generation Firewall (NGFW)
SASE Access
icon notification