Lucene search
China National Vulnerability DatabaseCNVD-2023-55392HistoryJul 05, 2023 - 12:00 a.m.
Apache Hive Provider Code Execution Vulnerability
2023-07-0500:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
apache airflow
hive provider
code execution
input validation
vulnerability
apache foundation
distributed storage
sql
attacker
arbitrary code
system
EPSS
0.003
Percentile
70.5%
Apache Airflow is a suite of open source platforms for creating, managing, and monitoring workflows from the Apache Foundation.The Apache Airflow Hive Provider is a toolkit for reading, writing, and managing large datasets in distributed storage using SQL. A code execution vulnerability exists in Apache Airflow Hive Provider, which is caused by incorrect validation of inputs to the subject parameter. An attacker can exploit this vulnerability to execute arbitrary code on the system.
Related
osv
osv
CVE-2023-35797
2023-07-03 10:15:09
Apache Airflow Hive Provider Beeline remote code execution with Principal
2023-07-03 12:30:34
CVE-2023-37415
2023-07-13 08:15:10
cvelist
cvelist
cve
cve
CVE-2023-35797
2023-07-03 10:15:09
CVE-2023-37415
2023-07-13 08:15:10
nvd
nvd
CVE-2023-35797
2023-07-03 10:15:09
CVE-2023-37415
2023-07-13 08:15:10
prion
prion
Input validation
2023-07-03 10:15:00
Input validation
2023-07-13 08:15:00
veracode
veracode
Improper Input Validation
2023-07-07 06:34:41
github
github
Apache Airflow Hive Provider Beeline remote code execution with Principal
2023-07-03 12:30:34
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
2023-07-13 09:30:28