Apache Drill is vulnerable directory traversal attacks. The application is does not prevent user queries from accessing paths outside of their workspace, allowing a malicious user to traverse the directory.