Vulnerabilities > Apache > Drill > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2023-48362 Unspecified vulnerability in Apache Drill
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.
network
low complexity
apache
8.8
2019-07-30 CVE-2019-14439 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2.
7.5