Описание
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.3 (исключая)
cpe:2.3:a:apache:apache-airflow-providers-apache-spark:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00576
Низкий
7.5 High
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
Apache Airflow Spark Provider Improper Input Validation vulnerability
EPSS
Процентиль: 68%
0.00576
Низкий
7.5 High
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo