Lucene search
HistoryJul 24, 2024 - 8:15 a.m.
CVE-2023-48362
xxe vulnerability
apache drill
version 1.21.2
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.4%
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.
Affected configurations
Node
apachedrillRange1.9.0–1.21.2
Related
vulnrichment
vulnrichment
CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader
2024-07-24 07:45:43
cve
cve
CVE-2023-48362
2024-07-24 08:15:02
github
github
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
2024-07-24 09:30:40
cvelist
cvelist
CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader
2024-07-24 07:45:43
osv
osv
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
2024-07-24 09:30:40
veracode
veracode
XML External Entity (XXE) Injection
2024-07-25 06:21:23
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.4%
Related for NVD:CVE-2023-48362