1.9.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-24	CVE-2023-48362	Unspecified vulnerability in Apache Drill XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue. network low complexity apache	8.8
2017-12-18	CVE-2017-12630	Cross-site Scripting vulnerability in Apache Drill In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. network low complexity apache CWE-79	5.4