Vulnerabilities > Apache > Calcite

DATE CVE VULNERABILITY TITLE RISK
2022-09-11 CVE-2022-39135 XXE vulnerability in Apache Calcite
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack.
network
low complexity
apache CWE-611
critical
 9.8
9.8
2020-10-09 CVE-2020-13955 Missing Authentication for Critical Function vulnerability in Apache Calcite
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks.
network
apache CWE-306
4.3
4.3