Charles Givre created DRILL-8461:
------------------------------------
Summary: Prevent XXE Attacks in XML Format Plugin
Key: DRILL-8461
URL: https://issues.apache.org/jira/browse/DRILL-8461
Project: Apache Drill
Issue Type: Bug
Components: Format - XML
Affects Versions: 1.21.1
Reporter: Charles Givre
Assignee: Charles Givre
Fix For: 1.22.0

Drill's XML reader would allow a maliciously crafted XML file to perform an
_XML eXternal Entity injection_ (XXE) attack. This fix disables DTD parsing
in the XML format plugin and prevents XXE attacks.
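
A regression check for the mitigation the issue describes, added here as an example and not taken from Drill's code base. It assumes a StAX (`javax.xml.stream`) reader, which the issue text does not state, and runs a constructed document with a harmless internal entity through a default and a hardened factory; the class and method names are hypothetical.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class DtdHardeningDemo {
    // Constructed sample: an internal DTD declares an entity and the body references it.
    // XXE relies on the same DTD mechanism, with an external (SYSTEM) entity instead.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>"
        + "<!DOCTYPE row [<!ENTITY marker \"EXPANDED-FROM-DTD\">]>"
        + "<row><name>&marker;</name></row>";

    /** Factory with DTD processing and external entity resolution switched off. */
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    /** Returns the document's character data, or a REJECTED marker if parsing fails. */
    static String readText(XMLInputFactory factory, String xml) {
        StringBuilder text = new StringBuilder();
        try {
            XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) {
                    text.append(r.getText());
                }
            }
            r.close();
            return text.toString();
        } catch (XMLStreamException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String withDefaults = readText(XMLInputFactory.newInstance(), SAMPLE);
        String hardened = readText(hardenedFactory(), SAMPLE);
        System.out.println("default factory : " + withDefaults);
        System.out.println("hardened factory: " + hardened);
        // The hardened reader must never hand DTD-defined replacement text to the caller.
        if (hardened.contains("EXPANDED-FROM-DTD")) {
            throw new IllegalStateException("DTD entity was still expanded");
        }
    }
}
```

Whether the hardened factory raises an exception or reports the reference unexpanded depends on the StAX implementation on the classpath, so the check asserts only that the replacement text never reaches the caller.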