Vulnerabilities > Apache > Calcite > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-11 | CVE-2022-39135 | Unspecified vulnerability in Apache Calcite Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. | 9.8 |