Apache Software Foundation Drill 1.10.0

CPE Details

Apache Software Foundation Drill 1.10.0
1.10.0
2019-06-20
16h48 +00:00
2019-06-20
16h48 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:drill:1.10.0:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

drill

Version

1.10.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-48362 2024-07-24 07h45 +00:00 XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.
9.8
Critical
CVE-2017-12630 2017-12-18 14h00 +00:00 In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
5.4
Medium