Lucene search
ApacheCVELIST:CVE-2023-48362HistoryJul 24, 2024 - 7:45 a.m.
CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader
2024-07-2407:45:43
CWE-611
apache
www.cve.org
2
apache drill
xml format reader
xxe vulnerability
cve-2023-48362
upgrade
EPSS
0.001
Percentile
48.4%
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.
CNA Affected
[
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.drill.contrib:drill-format-xml",
"product": "Apache Drill",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.21.2",
"status": "affected",
"version": "1.19.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader
2024-07-24 07:45:43
cve
cve
CVE-2023-48362
2024-07-24 08:15:02
nvd
nvd
CVE-2023-48362
2024-07-24 08:15:02
github
github
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
2024-07-24 09:30:40
osv
osv
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
2024-07-24 09:30:40
veracode
veracode
XML External Entity (XXE) Injection
2024-07-25 06:21:23