Apache · Apache Drill · CVE-2023-48362
**Name of the Vulnerable Software and Affected Versions**
Apache Drill versions 1.19.0 through 1.21.1
**Description**
The issue allows a user to read any file on a remote file system or execute commands via a malicious XML file. This is due to an XML External Entity (XXE) vulnerability in the XML Format Plugin.
**Recommendations**
For Apache Drill versions 1.19.0 through 1.21.1, upgrade to version 1.21.2 to fix the issue.