Vulnerability CVE-2023-48362


Published: 2024-07-24

Description:
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.

Type:

CWE-611

(Information Exposure Through XML External Entity Reference)

 References:
https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl

Copyright 2024, cxsecurity.com

 

Back to Top