[ https://issues.apache.org/jira/browse/DRILL-8461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Turton closed DRILL-8461.
-------------------------------
    Resolution: Fixed

> Prevent XXE Attacks in XML Format Plugin
> ----------------------------------------
>
>                 Key: DRILL-8461
>                 URL: https://issues.apache.org/jira/browse/DRILL-8461
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Format - XML
>    Affects Versions: 1.21.1
>            Reporter: Charles Givre
>            Assignee: Charles Givre
>            Priority: Critical
>             Fix For: 1.22.0
>
>
> Drill's XML reader would allow a maliciously crafted XML file to perform an
> _XML eXternal Entity injection_ (XXE) attack. This fix disables DTD parsing
> in the XML format plugin and prevents XXE attacks.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)