org.apache.calcite:calcite-core@1.24.0 vulnerabilities
-
latest version
1.37.0
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
5 months ago
-
licenses detected
- [0.9.1-incubating,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.calcite:calcite-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.calcite:calcite-core is a Core Calcite APIs and engine. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SQL operators Note: Users who expose these operators, typically by using Oracle dialect (for the first three) or MySQL dialect (for the last one), are affected by this vulnerability. How to fix XML External Entity (XXE) Injection? Upgrade |
[1.22.0,1.32.0)
|
org.apache.calcite:calcite-core is a Core Calcite APIs and engine. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. How to fix Man-in-the-Middle (MitM)? Upgrade |
[,1.26)
|