CVE-2023-48362
Published 2024-07-24
Severity: High, 8.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | drill | >= 1.9.0 < 1.21.2 | 1.21.2 |
| apache_software_foundation | apache_drill | >= 1.19.0 < 1.21.2 | 1.21.2 |