critical

com.iunera/druid-mcp-server

v1.2.1

AI-powered MCP server for Apache Druid cluster management and analytic

MCP RegistryiuneraFirst seen Feb 24, 2026Source

74

Total

4

Critical

51

High

19

Medium

Findings

unknown

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    23: import org.springframework.context.ApplicationContextInitializer;
    24: import org.springframework.context.ConfigurableApplicationContext;
>>> 25: import org.springframework.core.env.SystemEnvironmentPropertySource;
    26: import java.util.HashMap;
    27: import java.util.Map;

Report false positive

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    18: 
    19: import org.springframework.beans.factory.annotation.Value;
>>> 20: import org.springframework.core.env.Environment;
    21: import org.springframework.stereotype.Service;
    22:

Report false positive

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    34: 
    35: ### Environment files ###
>>> 36: .env
    37: key.pem
    38:

Report false positive

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    29: mvnw.cmd
    30: 
>>> 31: .env
    32: key.pem

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: jYh��V��qǬ�)�wi�)�Z+a��S�G�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��u��)bz{B�w�I�M�-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��u��)bz{B�w�I�M�-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��?�'�Ǭ��Ԅ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �h �ߊ�x��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �h �ߊ�x��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��%�'��X��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��?�'�Ǭ��Ԅ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �h �ߊ�x��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �h �ߊ�x��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��%�'��X��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��{B�w��ڶ*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��{B�w��ڶ*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��"��(��鹹b��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: r��^��'��m��-��%��k��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: r��^��'��m��-��%��k��ky��j)�v�,

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: r��^��'��m��-��%�ǫ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��?�'�Ǭ��Ԅ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: "Y^��@��z{D�ǩ�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��?�'�Ǭ��Ԅ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��-{⮉�z{Uj��nW��w��ڶ*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��?�'�Ǭ��Ԅ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: M�mE�(�� z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��Cj֬��x7�j)l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    8: 
    9: **Official Documentation:**
>>> 10: - [Publishing Guide](https://github.com/modelcontextprotocol/registry/blob/main/docs/guides/publishing/publish-server.md)
    11: - [Server JSON Schema](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/server-json/generic-server-json.md)
    12: - [Registry API Reference](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/README.md)

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    9: **Official Documentation:**
    10: - [Publishing Guide](https://github.com/modelcontextprotocol/registry/blob/main/docs/guides/publishing/publish-server.md)
>>> 11: - [Server JSON Schema](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/server-json/generic-server-json.md)
    12: - [Registry API Reference](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/README.md)
    13: - Migration checklist: https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/server-json/CHANGELOG.md#migration-checklist-for-publishers

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    10: - [Publishing Guide](https://github.com/modelcontextprotocol/registry/blob/main/docs/guides/publishing/publish-server.md)
    11: - [Server JSON Schema](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/server-json/generic-server-json.md)
>>> 12: - [Registry API Reference](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/README.md)
    13: - Migration checklist: https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/server-json/CHANGELOG.md#migration-checklist-for-publishers
    14:

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    11: - [Server JSON Schema](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/server-json/generic-server-json.md)
    12: - [Registry API Reference](https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/README.md)
>>> 13: - Migration checklist: https://github.com/modelcontextprotocol/registry/blob/main/docs/reference/server-json/CHANGELOG.md#migration-checklist-for-publishers
    14: 
    15: ## Prerequisites

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    45: 
    46:     @Test
>>> 47:     void shouldRegisterPermitAllSecurityFilterChainBeanWhenDisabled() {
    48:         System.out.println("[DEBUG_LOG] Verifying Permit-All security bean registration when OAuth is disabled");
    49:         assertThat(applicationContext.containsBean("permitAllSecurityFilterChain")).isTrue();

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    190:     - name: Install MCP Publisher
    191:       run: |
>>> 192:         curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
    193: 
    194:     - name: Login to MCP Registry

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    45: 
    46:     @Test
>>> 47:     void shouldRegisterAuthorizationServerSecurityFilterChainBeanWhenEnabled() {
    48:         System.out.println("[DEBUG_LOG] Verifying OAuth-enabled security bean registration");
    49:         assertThat(applicationContext.containsBean("authorizationServerSecurityFilterChain")).isTrue();

Report false positive

mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    71: 
    72:     @Test
>>> 73:     void testGetDatasourceDetailsResourceReturnsDetailedInfo() {
    74:         System.out.println("[DEBUG_LOG] Testing getDatasourceDetails @McpResource - should return detailed information");
    75:

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive