Lucene search
PRIOn knowledge basePRION:CVE-2022-39135HistorySep 11, 2022 - 12:15 p.m.
Xxe
2022-09-1112:15:00
PRIOn knowledge base
www.prio-n.com
6
apache calcite
sql operators
xml external entity
xxe attack
oracle dialect
mysql dialect
document type declarations
nvd
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.
Related
nvd
nvd
CVE-2022-39135
2022-09-11 12:15:08
veracode
veracode
XML External Entity (XXE)
2022-09-12 05:15:01
osv
osv
CVE-2022-39135
2022-09-11 12:15:08
github
github
cvelist
cvelist
CVE-2022-39135 Apache Calcite: potential XEE attacks
2022-09-11 00:00:00
ibm
ibm
redhatcve
redhatcve
CVE-2022-39135
2022-09-13 19:43:00
cve
cve
CVE-2022-39135
2022-09-11 12:15:08
nessus
nessus
Oracle Essbase (April 2023 CPU)
2023-04-20 00:00:00
IBM Cognos Analytics Multiple Vulnerabilities (6986505)
2023-05-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00