VYPR
High severity · NVD Advisory · Published Jul 24, 2024 · Updated Feb 13, 2025

Apache Drill: XXE Vulnerability in XML Format Reader

CVE-2023-48362

Description

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.apache.drill.exec:drill-java-exec (Maven)
Affected versions: >= 1.19.0, < 1.21.2
Patched versions: 1.21.2
