Apache · Apache Druid · CVE-2021-44791
**Name of the Vulnerable Software and Affected Versions**
Apache Druid versions 0.22.1 and earlier
**Description**
The issue allows execution of reflected XSS attacks due to unescaped URL parameters being sent back in HTML responses when certain specially-crafted links are used.
**Recommendations**
For Apache Druid versions 0.22.1 and earlier, update to version 0.23.0 or later to resolve the issue.