GHSA-mq4v-6vg4-796c

Опубликовано: 11 авг. 2023

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.

Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider before 2.4.3. It is recommended to upgrade to a version that is not affected.

Ссылки

Пакеты

Наименование

apache-airflow-providers-apache-drill

pip

Затронутые версииВерсия исправления

< 2.4.3

2.4.3

EPSS

Процентиль: 84%

0.02197

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2023-39553

Дефекты

CWE-20

Связанные уязвимости

CVE-2023-39553

CVSS3: 7.5

nvd

больше 2 лет назад

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

BDU:2023-04764

CVSS3: 3.5

fstec

больше 2 лет назад

Уязвимость сетевого программного средства Apache Airflow Drill Provider, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 84%

0.02197

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2023-39553

Дефекты

CWE-20