cvelistv5 - cve-2022-39135

Source	URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2022/11/21/3	Mailing List, Mitigation, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082	Mailing List, Vendor Advisory

Vendor	Product
Apache Software Foundation	Apache Calcite

gsd-2022-39135

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.

Aliases

CVE-2022-39135

Aliases

CVE-2022-39135

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-39135",
    "description": "In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.",
    "id": "GSD-2022-39135"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-39135"
      ],
      "details": "Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.",
      "id": "GSD-2022-39135",
      "modified": "2023-12-13T01:19:20.603781Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2022-39135",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Calcite",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.22.0",
                          "version_value": "1.32.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Apache Calcite would like to thank David Handermann for reporting this issue"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-611",
                "lang": "eng",
                "value": "CWE-611 Improper Restriction of XML External Entity Reference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2022/11/21/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2022/11/21/3"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.32.0)",
          "affected_versions": "All versions before 1.32.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-611",
            "CWE-937"
          ],
          "date": "2023-02-04",
          "description": "In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.",
          "fixed_versions": [
            "1.32.0"
          ],
          "identifier": "CVE-2022-39135",
          "identifiers": [
            "CVE-2022-39135"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.apache.calcite/calcite-core",
          "pubdate": "2022-09-11",
          "solution": "Upgrade to version 1.32.0 or above.",
          "title": "Improper Restriction of XML External Entity Reference",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-39135",
            "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
          ],
          "uuid": "2c2587d3-95ea-4c3e-a48d-b7fc4bc3c8d3"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:calcite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.32.0",
                "versionStartIncluding": "1.22.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-39135"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
            },
            {
              "name": "[oss-security] 20221121 Apache Solr is vulnerable to CVE-2022-39135 via /sql handler",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/21/3"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-06T19:38Z",
      "publishedDate": "2022-09-11T12:15Z"
    }
  }
}

wid-sec-w-2023-1548

Vulnerability from csaf_certbund

Published

2023-06-22 22:00

Modified

2023-10-29 23:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1548 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1548.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1548 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1548"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2023-10-27",
        "url": "https://www.ibm.com/support/pages/node/7060803"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22",
        "url": "https://www.ibm.com/support/pages/node/7006069"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22",
        "url": "https://www.ibm.com/support/pages/node/7006085"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22",
        "url": "https://www.ibm.com/support/pages/node/7006083"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22",
        "url": "https://www.ibm.com/support/pages/node/7006081"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22",
        "url": "https://www.ibm.com/support/pages/node/7006057"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-10-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:32:25.886+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-1548",
      "initial_release_date": "2023-06-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-10-29T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM QRadar SIEM 7.5.0",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0",
                  "product_id": "T023574",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM QRadar SIEM \u003c 7.5.0 UP6",
                "product": {
                  "name": "IBM QRadar SIEM \u003c 7.5.0 UP6",
                  "product_id": "T028300",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26276",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2023-26276"
    },
    {
      "cve": "CVE-2023-26274",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2023-26274"
    },
    {
      "cve": "CVE-2023-26273",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2023-26273"
    },
    {
      "cve": "CVE-2022-39135",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2022-39135"
    },
    {
      "cve": "CVE-2022-34352",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2022-34352"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-35491",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2020-35491"
    },
    {
      "cve": "CVE-2020-35490",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2020-35490"
    },
    {
      "cve": "CVE-2020-13955",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2020-13955"
    },
    {
      "cve": "CVE-2020-11971",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2020-11971"
    },
    {
      "cve": "CVE-2018-7489",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023574"
        ]
      },
      "release_date": "2023-06-22T22:00:00Z",
      "title": "CVE-2018-7489"
    }
  ]
}

ghsa-fj2m-w3wv-x9pr

Vulnerability from github

Published

2022-09-12 00:00

Modified

2022-09-16 22:02

Severity

9.8 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack

Details

In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.calcite:calcite-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.32.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:28:19Z",
    "nvd_published_at": "2022-09-11T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.",
  "id": "GHSA-fj2m-w3wv-x9pr",
  "modified": "2022-09-16T22:02:34Z",
  "published": "2022-09-12T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39135"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/11/21/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack"
}

Action not permitted

cve-2022-39135

Vulnerability from cvelistv5

gsd-2022-39135

Vulnerability from gsd

wid-sec-w-2023-1548

Vulnerability from csaf_certbund

ghsa-fj2m-w3wv-x9pr

Vulnerability from github

Tags