CVE-2026-46718
- EPSS 0.44%
- Veröffentlicht 02.06.2026 09:17:51
- Zuletzt bearbeitet 03.06.2026 02:04:50
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue.
CVE-2022-39135
- EPSS 1.86%
- Veröffentlicht 11.09.2022 12:15:08
- Zuletzt bearbeitet 21.11.2024 07:17:38
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack...
CVE-2020-13955
- EPSS 2.14%
- Veröffentlicht 09.10.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:13
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may ...