Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-mm87-c3x2-6f89

Опубликовано: 29 июн. 2023
Источник: github
Github: Прошло ревью
CVSS3: 8.8

Описание

Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

Ссылки

Пакеты

Наименование

apache-airflow-providers-jdbc

pip
Затронутые версииВерсия исправления

< 4.0.0

4.0.0

EPSS

Процентиль: 50%
0.00272
Низкий

8.8 High

CVSS3

CVE ID

CVE-2023-22886

Дефекты

CWE-20

Связанные уязвимости

nvd логотип

CVE-2023-22886

CVSS3: 8.8
nvd
больше 2 лет назад

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

EPSS

Процентиль: 50%
0.00272
Низкий

8.8 High

CVSS3

CVE ID

CVE-2023-22886

Дефекты

CWE-20