| |
Vulnerability CVE-2023-48362
Published: 2024-07-24
Description: |
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue. |
Type:
CWE-611 (Information Exposure Through XML External Entity Reference)
References: |
https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|