[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability
From: Elad Kalif <eladkal () apache ! org>
Date: 2023-08-11 4:57:45
Message-ID: 40a53997-ded9-402a-6c5b-2fa76e160ad6 () apache ! org
[Download RAW message or body]
Severity: moderate
Affected versions:
- Apache Airflow Drill Provider before 2.4.3
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill \
Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in \
malicious parameters when establishing a connection with DrillHook giving an opportunity to \
read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before \
2.4.3. It is recommended to upgrade to a version that is not affected.
Credit:
sw0rd1ight of Caiji Sec Team and 4ra1n of Chaitin Tech (finder)
References:
https://github.com/apache/airflow/pull/33074
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-39553
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic