GHSA-FJ2M-W3WV-X9PR Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
In Apache Calcite prior to version 1.32.0 the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity XXE attack. Therefore any client exposing these...