| |
Podatność CVE-2023-48362
Publikacja: 2024-07-24
| Opis: |
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue. |
Typ:
CWE-611 (Information Exposure Through XML External Entity Reference)
Referencje: |
https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English