Vulnerability Details : CVE-2022-39135
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2022-39135
- cpe:2.3:a:apache:calcite:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-39135
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-39135
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-39135
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by:
- nvd@nist.gov (Secondary)
- security@apache.org (Primary)
References for CVE-2022-39135
-
https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082
CVE-2022-39135: Apache Calcite: potential XEE attacks-Apache Mail ArchivesMailing List;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2022/11/21/3
oss-security - Apache Solr is vulnerable to CVE-2022-39135 via /sql handlerMailing List;Mitigation;Third Party Advisory
Jump to