XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.
CVSS
No CVSS.
References
Configurations
No configuration.
History
No history.
Information
Published : 2024-07-24 08:15
Updated : 2024-07-24 14:15
NVD link : CVE-2023-48362
Mitre link : CVE-2023-48362
CVE.ORG link : CVE-2023-48362
JSON object : View
Products Affected
No product.
CWE
CWE-611
Improper Restriction of XML External Entity Reference