Vulnerabilities > Apache > Calcite > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-11 CVE-2022-39135 Unspecified vulnerability in Apache Calcite
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack.
network
low complexity
apache
critical
9.8