Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-r2f6-6928-fh8f

Опубликовано: 17 авг. 2023
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

Apache Airflow Spark Provider Improper Input Validation vulnerability

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

Ссылки

Пакеты

Наименование

apache-airflow-providers-apache-spark

pip
Затронутые версииВерсия исправления

< 4.1.3

4.1.3

EPSS

Процентиль: 68%
0.00576
Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-40272

Дефекты

CWE-20

Связанные уязвимости

nvd логотип

CVE-2023-40272

CVSS3: 7.5
nvd
больше 2 лет назад

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

EPSS

Процентиль: 68%
0.00576
Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-40272

Дефекты

CWE-20