Charles Givre created DRILL-8461:
------------------------------------

             Summary: Prevent XXE Attacks in XML Format Plugin
                 Key: DRILL-8461
                 URL: https://issues.apache.org/jira/browse/DRILL-8461
             Project: Apache Drill
          Issue Type: Bug
          Components: Format - XML
    Affects Versions: 1.21.1
            Reporter: Charles Givre
            Assignee: Charles Givre
             Fix For: 1.22.0

Drill's XML reader would allow a maliciously crafted XML file to perform an _XML eXternal Entity injection_ (XXE) attack. This fix disables DTD parsing in the XML format plugin and prevents XXE attacks.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
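
The mitigation named in the issue (disabling DTD parsing) can be checked with a canary file, shown here as an added example that is not Drill's actual patch or code. It assumes a StAX (`javax.xml.stream`) parser; the class name `XxeHardeningDemo`, the helpers `hardenedFactory` and `readText`, and the sample document are constructed for illustration.

```java
import javax.xml.stream.*;
import java.io.StringReader;
import java.nio.file.*;

public class XxeHardeningDemo {  // hypothetical class, not part of Drill

    // Hardened StAX factory: DTD processing off, external entities off.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    // Concatenate all character data, or report that the parser rejected the input.
    static String readText(XMLInputFactory f, String xml) {
        StringBuilder sb = new StringBuilder();
        try {
            XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) sb.append(r.getText());
            }
            r.close();
            return sb.toString();
        } catch (XMLStreamException e) {
            // With the DTD ignored, the entity is never declared; a parser may
            // reject the reference here instead of leaving it unexpanded.
            return "<rejected: " + e.getClass().getSimpleName() + ">";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed canary file: stands in for any local file the process can read.
        Path canary = Files.createTempFile("xxe-canary", ".txt");
        Files.writeString(canary, "CANARY-VALUE");
        // Constructed sample document declaring an external entity in its DTD.
        String xml = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE row [<!ENTITY ext SYSTEM \"" + canary.toUri() + "\">]>"
            + "<row><name>&ext;</name></row>";
        try {
            boolean dflt = readText(XMLInputFactory.newInstance(), xml).contains("CANARY-VALUE");
            boolean hard = readText(hardenedFactory(), xml).contains("CANARY-VALUE");
            System.out.println("default factory  leaked canary: " + dflt);
            System.out.println("hardened factory leaked canary: " + hard);
        } finally {
            Files.delete(canary);
        }
    }
}
```

A regression test for a reader hardened this way can assert that the canary value never appears in parsed output.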