Lucene search
ApacheCVELIST:CVE-2023-41267HistorySep 14, 2023 - 7:46 a.m.
CVE-2023-41267 Apache HDFS Provider error message suggested installation of incorrect pip package
2023-09-1407:46:42
CWE-829
apache
www.cve.org
apache hdfs provider
incorrect pip package
documentation info
package ownership
code execution
version 4.1.1
0.002 Low
EPSS
Percentile
51.8%
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentationΒ info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1
CNA Affected
[
{
"collectionURL": "https://pypi.python.org/",
"defaultStatus": "unaffected",
"packageName": "apache-airflow-providers-apache-hdfs",
"product": "Apache Airflow HDFS Provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
prion
prion
Code injection
2023-09-14 08:15:00
osv
osv
Apache HDFS Provider error message suggested
2023-09-14 09:30:28
CVE-2023-41267
2023-09-14 08:15:07
nvd
nvd
CVE-2023-41267
2023-09-14 08:15:07
cve
cve
CVE-2023-41267
2023-09-14 08:15:07
veracode
veracode
Arbitrary Code Execution
2023-09-22 11:26:18
github
github
Apache HDFS Provider error message suggested
2023-09-14 09:30:28
nessus
nessus