Vulnerabilities > Apache > Drill > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2023-48362 | XXE vulnerability in Apache Drill XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue. | 8.8 |
| 2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. | 7.5 |