Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Calcite Security Vulnerabilities

cve
cve

CVE-2022-39135

Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators,....

9.8CVSS

9.2AI Score

0.002EPSS

2022-09-11 12:15 PM
80
25
cve
cve

CVE-2022-36364

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclient_impl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary.....

8.8CVSS

8.9AI Score

0.001EPSS

2022-07-28 09:15 AM
61
3
cve
cve

CVE-2020-13955

HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite...

5.9CVSS

5.7AI Score

0.001EPSS

2020-10-09 01:15 PM
69