Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server.
It is recommended to upgrade to a version that is not affected.
Metrics
Affected Vendors & Products
References
History
Thu, 13 Feb 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. | Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. |
Tue, 01 Oct 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache apache-airflow-providers-apache-drill
|
|
CPEs | cpe:2.3:a:apache:apache-airflow-providers-apache-drill:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache apache-airflow-providers-apache-drill
|
|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: apache
Published: 2023-08-17T13:52:30.647Z
Updated: 2025-02-13T17:07:44.473Z
Reserved: 2023-08-12T06:29:53.016Z
Link: CVE-2023-40272

Updated: 2024-08-02T18:31:52.381Z

Status : Modified
Published: 2023-08-17T14:15:10.083
Modified: 2025-02-13T17:17:01.100
Link: CVE-2023-40272

No data.