Calcite Core is vulnerable to XML external entity attacks. A remote attacker is able to read the contents of confidential files through the use of SQL functions such as EXISTS_NODE
, EXTRACT_XML
, XML_TRANSFORM
or EXTRACT_VALUE
due to insecure business logic in XmlFunctions.java
.
CPE | Name | Operator | Version |
---|---|---|---|
calcite core | le | 1.31.0 | |
calcite core | le | 1.31.0 |