[jira] [Commented] (DRILL-8461) Prevent XXE Attacks in XML Format Plugin

ASF GitHub Bot (Jira) Sun, 05 Nov 2023 19:36:05 -0800


    [ 
https://issues.apache.org/jira/browse/DRILL-8461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17783079#comment-17783079
 ]


ASF GitHub Bot commented on DRILL-8461:
---------------------------------------

cgivre merged PR #2845:
URL: https://github.com/apache/drill/pull/2845




> Prevent XXE Attacks in XML Format Plugin
> ----------------------------------------
>
>                 Key: DRILL-8461
>                 URL: https://issues.apache.org/jira/browse/DRILL-8461
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Format - XML
>    Affects Versions: 1.21.1
>            Reporter: Charles Givre
>            Assignee: Charles Givre
>            Priority: Critical
>             Fix For: 1.22.0
>
>
> Drill's XML reader would allow a maliciously crafted XML file to perform an 
> _XML eXternal Entity injection_ (XXE)  attack.  This fix disables DTD parsing 
> in the XML format plugin and prevents XXE attacks.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (DRILL-8461) Prevent XXE Attacks in XML Format Plugin

Reply via email to