GHSA-V62G-JWJ9-RFVX XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

PT-2024-13606 · Apache · Apache Drill

Name of the Vulnerable Software and Affected Versions: Apache Drill versions 1.19.0 through 1.21.1 Description: The issue allows a user to read any file on a remote file system or execute commands via a malicious XML file. This is due to an XXE vulnerability in the XML Format Plugin...