Description
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, a privilege escalation vulnerability exists because controllable ODBC driver parameters allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting with version 4.0.0, the driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider versions before 4.0.0.
References
- Patch
- Mailing List, Vendor Advisory
- Patch
- Mailing List, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 4.0.0 (exclusive)
cpe:2.3:a:apache:apache-airflow-providers-odbc:*:*:*:*:*:*:*:*
EPSS: 0.00167 (Low), percentile: 38%
CVSS3: 7.8 High
Weaknesses
CWE-88
Related vulnerabilities
CVSS3: 7.8
github
more than 2 years ago
Apache Airflow ODBC Provider Argument Injection vulnerability