CVE-2023-35798

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:apache-airflow-providers-microsoft-mssql:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache-airflow-providers-odbc:*:*:*:*:*:*:*:*

History

06 Jul 2023, 13:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References (MISC) https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pj - (MISC) https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pj - Mailing List, Vendor Advisory
References (MISC) https://github.com/apache/airflow/pull/31984 - (MISC) https://github.com/apache/airflow/pull/31984 - Patch, Vendor Advisory
First Time Apache
Apache apache-airflow-providers-microsoft-mssql
Apache apache-airflow-providers-odbc
CPE cpe:2.3:a:apache:apache-airflow-providers-microsoft-mssql:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache-airflow-providers-odbc:*:*:*:*:*:*:*:*

27 Jun 2023, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-27 12:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-35798

Mitre link : CVE-2023-35798

CVE.ORG link : CVE-2023-35798


JSON object : View

Products Affected

apache

  • apache-airflow-providers-odbc
  • apache-airflow-providers-microsoft-mssql
CWE
CWE-20

Improper Input Validation