Vulnerabilities > Apache > Calcite

DATE CVE VULNERABILITY TITLE RISK
2022-09-11 CVE-2022-39135 Unspecified vulnerability in Apache Calcite
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack.
network
low complexity
apache
critical
9.8
2020-10-09 CVE-2020-13955 Improper Certificate Validation vulnerability in Apache Calcite
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks.
network
high complexity
apache CWE-295
5.9