Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.
This issue affects Apache Airflow Drill Provider: before 2.4.3.
It is recommended to upgrade to a version that is not affected.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/08/11/1 | Mailing List Patch Third Party Advisory |
https://github.com/apache/airflow/pull/33074 | Patch |
https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf | Mailing List Patch Vendor Advisory |
Configurations
History
01 Oct 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Aug 2023, 15:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apache
Apache apache-airflow-providers-apache-drill |
|
CPE | cpe:2.3:a:apache:apache-airflow-providers-apache-drill:*:*:*:*:*:*:*:* | |
References | (MISC) https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/08/11/1 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://github.com/apache/airflow/pull/33074 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
11 Aug 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Aug 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-11 08:15
Updated : 2024-10-01 19:35
NVD link : CVE-2023-39553
Mitre link : CVE-2023-39553
CVE.ORG link : CVE-2023-39553
JSON object : View
Products Affected
apache
- apache-airflow-providers-apache-drill
CWE
CWE-20
Improper Input Validation