CVE-2023-48362
Severity:
Pending analysis
Type:
CWE-611
Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
24/07/2024
Last modified:
24/07/2024
Description
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.<br />
Users are recommended to upgrade to version 1.21.2, which fixes this issue.