cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-48362,https://securityvulnerability.io/vulnerability/CVE-2023-48362,Apache Drill Vulnerability Allows Remote File Read/Write and Command Execution,"The vulnerability enables an attacker to leverage XML External Entity (XXE) processing in the XML Format Plugin of Apache Drill, starting from version 1.19.0. By crafting a malicious XML file, an attacker can gain unauthorized access to files on a remote file system and execute arbitrary commands. Users of affected versions are strongly advised to upgrade to version 1.21.2, which addresses this vulnerability.",Apache,Apache Drill,8.8,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-07-24T07:45:43.686Z,0
CVE-2023-39553,https://securityvulnerability.io/vulnerability/CVE-2023-39553,Apache Airflow Drill Provider Arbitrary File Read Vulnerability,Apache Airflow Drill Provider suffers from an improper input validation flaw that enables attackers to send malicious parameters during the connection setup with DrillHook. This exploitation can lead to unauthorized file access on the Airflow server. It is crucial to update to version 2.4.3 or later to safeguard against this vulnerability and maintain the integrity of your systems.,Apache,Apache Airflow Drill Provider,7.5,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-08-11T08:15:00.000Z,0
CVE-2023-28707,https://securityvulnerability.io/vulnerability/CVE-2023-28707,Airflow Apache Drill Provider Arbitrary File Read Vulnerability,"An issue has been identified in the Apache Airflow Drill Provider that allows for improper input validation, potentially leading to unexpected behavior or vulnerabilities during its operation. This affects users running versions prior to 2.3.2. It is crucial for organizations using this tool to review their implementations and apply the necessary patch to mitigate any potential security risks. For more details and updates, users can refer to the official patch and advisory from Apache.",Apache,Apache Airflow Drill Provider,7.5,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-04-07T15:15:00.000Z,0
CVE-2017-12630,https://securityvulnerability.io/vulnerability/CVE-2017-12630,,"In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.",Apache,Apache Drill,5.4,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2017-12-18T00:00:00.000Z,0