11 matches found
EUVD-2023-1206
Malicious code in bioql PyPI...
EUVD-2023-0680
Malicious code in bioql PyPI...
The vulnerability of the Apache Airflow Hive Provider, a network software tool, stems from insufficient validation of input data. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Apache Airflow Hive Provider network software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information...
PT-2023-4067 · Apache · Apache Airflow Hive Provider
Name of the Vulnerable Software and Affected Versions: Apache Airflow Apache Hive Provider versions prior to 6.1.2 Description: The issue is related to improper input validation, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected...
CVE-2023-35797 Apache Airflow Hive Provider Beeline RCE with Principal
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...
CVE-2023-35797
CVE-2023-35797 affects Apache Airflow Hive Provider prior to 6.1.1 and is an Improper Input Validation vulnerability that can enable remote code execution via the principal parameter when connection details are modifiable. The issue is mitigated by upgrading the provider to version 6.1.1 or later...
CVE-2023-28706
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0...
CVE-2022-46421
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0...
CVE-2022-46421
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0...
CVE-2022-46421 Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0...
PT-2022-25664 · Apache · Apache Airflow Hive Provider +1
Name of the Vulnerable Software and Affected Versions: Apache Airflow Hive Provider versions prior to 4.1.0 Apache Airflow versions prior to 2.3.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This...