← Back to CVE List
CVE-2023-48362
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to upgrade to version 1.21.2, which fixes this issue.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt