Lucene search
ApacheCVELIST:CVE-2023-37415HistoryJul 13, 2023 - 7:35 a.m.
CVE-2023-37415 Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user
2023-07-1307:35:33
CWE-20
apache
www.cve.org
3
cve-2023-37415
apache airflow
apache hive provider
improper input validation
apache software foundation
patching
cve-2023-35797
injection
vulnerability
update
provider version
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.
Patching on top of CVE-2023-35797
BeforeΒ 6.1.2Β the proxy_user option can also inject semicolon.
This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.
It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Airflow Apache Hive Provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2023-37415
2023-07-13 08:15:10
CVE-2023-35797
2023-07-03 10:15:09
osv
osv
CVE-2023-37415
2023-07-13 08:15:10
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
2023-07-13 09:30:28
CVE-2023-35797
2023-07-03 10:15:09
nvd
nvd
CVE-2023-37415
2023-07-13 08:15:10
CVE-2023-35797
2023-07-03 10:15:09
prion
prion
Input validation
2023-07-13 08:15:00
Input validation
2023-07-03 10:15:00
github
github
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
2023-07-13 09:30:28
Apache Airflow Hive Provider Beeline remote code execution with Principal
2023-07-03 12:30:34
veracode
veracode
Improper Input Validation
2023-07-14 10:18:52
Improper Input Validation
2023-07-07 06:34:41
cvelist
cvelist
CVE-2023-35797 Apache Airflow Hive Provider Beeline RCE with Principal
2023-07-03 09:08:53
cnvd
cnvd
Apache Hive Provider Code Execution Vulnerability
2023-07-05 00:00:00