'[oss-security] CVE-2023-37415: Apache Airflow Apache Hive Provider: Improper Input Validation in Hiv'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2023-37415: Apache Airflow Apache Hive Provider: Improper Input Validation in Hiv
From:       Elad Kalif <eladkal () apache ! org>
Date:       2023-07-12 18:24:33
Message-ID: 85b6b155-cfe9-ab68-c93a-cce73046a7af () apache ! org
[Download RAW message or body]

Severity: moderate

Affected versions:

- Apache Airflow Apache Hive Provider before 6.1.2

Description:

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.

Patching on top of CVE-2023-35797
Before  6.1.2  the proxy_user option can also inject semicolon.

This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.

It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.

Credit:

Son Tran from VNPT - VCI (reporter)

References:

https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-37415

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic