AI Score
Confidence
Low
EPSS
Percentile
48.4%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.
[
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_drill:*:*:*:*:*:*:*:*"
],
"vendor": "apache_software_foundation",
"product": "apache_drill",
"versions": [
{
"status": "affected",
"version": "1.19.0",
"lessThan": "1.21.2",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]