Vulnerabilities > Apache > Drill

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2023-48362 Unspecified vulnerability in Apache Drill
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.
network
low complexity
apache
8.8
2019-07-30 CVE-2019-14439 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2.
7.5
2019-05-23 CVE-2019-0201 Missing Authorization vulnerability in multiple products
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.
network
high complexity
apache debian redhat oracle netapp CWE-862
5.9
2019-04-22 CVE-2019-10241 Cross-site Scripting vulnerability in multiple products
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
network
low complexity
eclipse debian apache oracle CWE-79
6.1
2017-12-18 CVE-2017-12630 Cross-site Scripting vulnerability in Apache Drill
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards.
network
low complexity
apache CWE-79
5.4
2014-11-24 CVE-2010-5312 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
6.1