216.73.217.86

CVE-2023-48362

· Published 24/07/2024 08:15 · Modified 24/07/2024 14:15

Labels: CVE-2023-48362 2024-07-24CVE-2023-48362CWE-611[email protected]

Essential information

Published
24/07/2024 08:15
Modified
24/07/2024 14:15
Author
Creator
CISA KEV
No
CWE

Description

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References