Lucene search

[email protected]NVD:CVE-2023-37415

HistoryJul 13, 2023 - 8:15 a.m.

CVE-2023-37415

2023-07-1308:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-37415

apache airflow

apache hive provider

input validation

patching

updating version

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.1%

JSON

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.

Patching on top of CVE-2023-35797
Before 6.1.2 the proxy_user option can also inject semicolon.

This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.

It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.

Affected configurations

NVD

Node

apacheapache-airflow-providers-apache-hiveRange<6.1.2

References

www.openwall.com/lists/oss-security/2023/07/12/3

lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.1%

JSON

Related for NVD:CVE-2023-37415

cvelist2 cve2 osv4 github2 prion2 veracode2 cnvd1 nvd1