[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2023-37415: Apache Airflow Apache Hive Provider: Improper Input Validation in Hiv
From: Elad Kalif <eladkal () apache ! org>
Date: 2023-07-12 18:24:33
Message-ID: 85b6b155-cfe9-ab68-c93a-cce73046a7af () apache ! org
[Download RAW message or body]
Severity: moderate
Affected versions:
- Apache Airflow Apache Hive Provider before 6.1.2
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.
Patching on top of CVE-2023-35797
Before 6.1.2 the proxy_user option can also inject semicolon.
This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.
It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.
Credit:
Son Tran from VNPT - VCI (reporter)
References:
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-37415
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic