VYPR

Calcite

by Apache

Source repositories

CVEs (2)

  • CVE-2026-46718MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue.

  • CVE-2020-13955Oct 9, 2020
    risk 0.00cvss epss 0.02

    HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the…