Lucene search

K
cvelistApacheCVELIST:CVE-2023-37415
HistoryJul 13, 2023 - 7:35 a.m.

CVE-2023-37415 Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user

2023-07-1307:35:33
CWE-20
apache
www.cve.org
2
cve-2023-37415
apache airflow
apache hive provider
improper input validation
apache software foundation
patching
cve-2023-35797
injection
vulnerability
update
provider version

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

69.1%

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.

Patching on top of CVE-2023-35797
Beforeย 6.1.2ย the proxy_user option can also inject semicolon.

This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.

It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Airflow Apache Hive Provider",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "6.1.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

69.1%

Related for CVELIST:CVE-2023-37415