Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Airflow Hive Provider Security Vulnerabilities

cve
cve

CVE-2022-41131

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...

7.8CVSS

7.8AI Score

0.001EPSS

2022-11-22 10:15 AM
43
17
cve
cve

CVE-2022-46421

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.

9.8CVSS

9.4AI Score

0.006EPSS

2022-12-20 11:15 AM
55
cve
cve

CVE-2023-25696

Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.

9.8CVSS

9.4AI Score

0.001EPSS

2023-02-24 12:15 PM
30
cve
cve

CVE-2023-25956

Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.

7.5CVSS

7.4AI Score

0.001EPSS

2023-02-24 12:15 PM
74
cve
cve

CVE-2023-28706

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.

9.8CVSS

9.5AI Score

0.02EPSS

2023-04-07 03:15 PM
79
cve
cve

CVE-2023-35797

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE viaprincipal parameter. For this to be exploited it requi...

9.8CVSS

9AI Score

0.002EPSS

2023-07-03 10:15 AM
87
cve
cve

CVE-2023-37415

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797Before 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updating ...

8.8CVSS

9.1AI Score

0.002EPSS

2023-07-13 08:15 AM
27
cve
cve

CVE-2024-25141

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.Users are recommended to upgrade to version 4.0.0, which fixes this issue.

6.6AI Score

0.0004EPSS

2024-02-20 09:15 PM
3305