Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Calcite: potential XEE attacks
Vulnerability Description
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Apache Calcite 代码问题漏洞
Vulnerability Description
Apache Calcite是美国阿帕奇(Apache)基金会的一个开源框架,用于构建数据库和数据管理系统。 Apache Calcite 1.32.0之前的版本存在代码问题漏洞,该漏洞源于SQL操作符EXISTS_NODE, EXTRACT_XML、XML_TRANSFORM和EXTRACT_VALUE在它们的配置中不限制XML外部实体引用,这使得它们容易受到潜在的XML外部实体(XXE)攻击。
CVSS Information
N/A
Vulnerability Type
N/A