Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it.
This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.
It is recommended to upgrade to a version that is not affected
References
Link | Resource |
---|---|
https://github.com/apache/airflow/pull/31984 | Patch Vendor Advisory |
https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pj | Mailing List Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Jul 2023, 13:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pj - Mailing List, Vendor Advisory | |
References | (MISC) https://github.com/apache/airflow/pull/31984 - Patch, Vendor Advisory | |
First Time |
Apache
Apache apache-airflow-providers-microsoft-mssql Apache apache-airflow-providers-odbc |
|
CPE | cpe:2.3:a:apache:apache-airflow-providers-microsoft-mssql:*:*:*:*:*:*:*:* cpe:2.3:a:apache:apache-airflow-providers-odbc:*:*:*:*:*:*:*:* |
27 Jun 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-27 12:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-35798
Mitre link : CVE-2023-35798
CVE.ORG link : CVE-2023-35798
JSON object : View
Products Affected
apache
- apache-airflow-providers-odbc
- apache-airflow-providers-microsoft-mssql
CWE
CWE-20
Improper Input Validation