40 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-5833

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.9 · EPSS 0.0072
Exploits 3 · References 4

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-2417

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 8.4 · EPSS 0.00335
Exploits 0 · References 6

RedhatCVE
added 2025/05/23 2:24 a.m. · 6 views

CVE-2023-48362

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

CVSS 9.8 · AI score 7.1 · EPSS 0.00335
Exploits 0 · References 1

Veracode
added 2024/07/25 6:21 a.m. · 14 views

XML External Entity (XXE) Injection

Apache Drill is vulnerable to XML External Entity XXE Injection. The vulnerability is due to inadequate restriction of external entity references, allowing attackers to access files or execute commands through manipulated XML data...

CVSS 9.8 · AI score 7.1 · EPSS 0.00335
Exploits 0 · References 6 · Affected Software 1

CNVD
added 2024/07/25 12:00 a.m. · 7 views

Apache Drill XML External Entity Injection Vulnerability

Apache Drill is an open source software framework from the American company Apache Apache. Apache Drill 1.19.0 and earlier versions suffer from an XML external entity injection vulnerability that can be exploited by an attacker to read any file on a remote file system or execute commands through ...

CVSS 9.8 · AI score 7.3 · EPSS 0.00335
Exploits 0 · References 1

Github Security Blog
added 2024/07/24 9:30 a.m. · 14 views

XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

CVSS 9.8 · AI score 7.1 · EPSS 0.00335
Exploits 0 · References 6 · Affected Software 1

OSV
added 2024/07/24 9:30 a.m. · 1 view

GHSA-V62G-JWJ9-RFVX XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

CVSS 8.8 · AI score 5.9 · EPSS 0.00335
Exploits 0 · References 6

NVD
added 2024/07/24 8:15 a.m. · 14 views

CVE-2023-48362

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

CVSS 9.8 · EPSS 0.00335
Exploits 0 · References 2

OSV
added 2024/07/24 8:15 a.m. · 1 view

CVE-2023-48362

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

CVSS 8.8 · AI score 5.9 · EPSS 0.00335
Exploits 0 · References 2

CVE
added 2024/07/24 7:45 a.m. · 70 views

CVE-2023-48362

CVE-2023-48362 describes an XXE vulnerability in the XML Format Plugin of Apache Drill. The issue affects Drill 1.19.0 and later, enabling an attacker to read arbitrary files on a remote file system or execute commands through a crafted XML file. The documented remediation is to upgrade to Apache...

CVSS 9.8 · AI score 6.9 · EPSS 0.00335
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/07/24 7:45 a.m. · 13 views

CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

AI score 7.4 · EPSS 0.00335
Exploits 0 · References 2

Cvelist
added 2024/07/24 7:45 a.m. · 17 views

CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

EPSS 0.00335
Exploits 0 · References 2

Positive Technologies
added 2024/07/24 12:00 a.m. · 4 views

PT-2024-13606 · Apache · Apache Drill

Name of the Vulnerable Software and Affected Versions: Apache Drill versions 1.19.0 through 1.21.1
Description: The issue allows a user to read any file on a remote file system or execute commands via a malicious XML file. This is due to an XXE vulnerability in the XML Format Plugin...

CVSS 9.8 · AI score 7.5 · EPSS 0.00335
Exploits 0 · References 10

CNNVD
added 2024/07/24 12:00 a.m. · 2 views

Apache Drill Code Issue Vulnerability

Apache Drill is an open source software framework from the American company Apache Apache. Apache Drill 1.19.0 and earlier versions suffer from an XML external entity injection vulnerability that can be exploited by an attacker to read any file on a remote file system or execute commands through ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00335
Exploits 0 · References 3

Veracode
added 2023/08/14 5:41 a.m. · 18 views

Arbitrary File Read

apache-airflow-providers-apache-drill is vulnerable to Arbitrary File Read. The vulnerability exists because the getconn function of drill.py allows database URLs with unescaped parameters, allowing an attacker to read arbitrary files when establishing a connection with the DrillHook...

CVSS 7.5 · AI score 6.8 · EPSS 0.02101
Exploits 0 · References 6 · Affected Software 1

Github Security Blog
added 2023/08/11 9:30 a.m. · 18 views

apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

CVSS 7.5 · AI score 7.3 · EPSS 0.02101
Exploits 0 · References 8 · Affected Software 1

Veracode
added 2023/04/11 2:01 a.m. · 16 views

Improper Input Validation

apache-airflow-providers-apache-drill is vulnerable to Improper Input Validation. The vulnerability exists because the getconn function of drill.py does not properly sanitize invalid characters when the host passes through the drill connection...

CVSS 7.5 · AI score 7.3 · EPSS 0.00964
Exploits 0 · References 6 · Affected Software 1

Cvelist
added 2023/04/07 2:53 p.m. · 15 views

CVE-2023-28707 Airflow Apache Drill Provider Arbitrary File Read Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2...

AI score 7.7 · EPSS 0.00964
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:58 a.m. · 3 views

SUSE CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

CVSS 8.1 · AI score 8.7 · EPSS 0.08934
Exploits 0 · References 3

OSV
added 2022/05/14 3:53 a.m. · 13 views

GHSA-XP4G-5XJ6-6VPR Apache Drill vulnerable to Cross-site Scripting

In Apache Drill 1.11.0 and earlier, when submitting form from Query page, users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this...

CVSS 5.4 · AI score 5.3 · EPSS 0.0072
Exploits 3 · References 3