CVE-2023-37415

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.
References
Link Resource
http://www.openwall.com/lists/oss-security/2023/07/12/3 Mailing List Third Party Advisory
https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*

History

25 Jul 2023, 14:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Apache
Apache apache-airflow-providers-apache-hive
References (MISC) https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k - (MISC) https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k - Mailing List, Vendor Advisory
References (MISC) http://www.openwall.com/lists/oss-security/2023/07/12/3 - (MISC) http://www.openwall.com/lists/oss-security/2023/07/12/3 - Mailing List, Third Party Advisory
CPE cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*

13 Jul 2023, 23:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/07/12/3 -

13 Jul 2023, 08:32

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-13 08:15

Updated : 2024-10-04 14:35


NVD link : CVE-2023-37415

Mitre link : CVE-2023-37415

CVE.ORG link : CVE-2023-37415


JSON object : View

Products Affected

apache

  • apache-airflow-providers-apache-hive
CWE
CWE-20

Improper Input Validation