XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache drill |
|
CPEs | cpe:2.3:a:apache:drill:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache drill |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-07-24T07:45:43.686Z
Updated: 2024-08-02T21:30:34.449Z
Reserved: 2023-11-15T16:43:39.065Z
Link: CVE-2023-48362
Vulnrichment
Updated: 2024-08-02T21:30:34.449Z
NVD
Status : Modified
Published: 2024-07-24T08:15:02.627
Modified: 2024-11-21T08:31:34.127
Link: CVE-2023-48362
Redhat
No data.