CVE-2023-48362
Severity: HIGH
WAF: High
CVSS 8.8
Published: 2024-07-24
CWE-611
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| apache | drill | 1.9.0 - 1.21.2 |
References
- www.openwall.com (Mailing List)
- lists.apache.org (Mailing List, Vendor Advisory)