6 matches found
EUVD-2022-6798
Malicious code in bioql PyPI...
Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
In Apache Calcite prior to version 1.32.0 the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these...
GHSA-FJ2M-W3WV-X9PR Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
In Apache Calcite prior to version 1.32.0 the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these...
CVE-2022-39135
Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these operators,...
Xxe
Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these operators,...
CVE-2022-39135 Apache Calcite: potential XEE attacks
Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these operators,...