5 matches found
The vulnerability of the Apache Airflow Spark Provider, a network-based software tool, allows a hacker to execute arbitrary code.
The vulnerability of the Apache Airflow Spark Provider network software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PYSEC-2023-156
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider.When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks c...
GHSA-R2F6-6928-FH8F Apache Airflow Spark Provider Improper Input Validation vulnerability
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...
CVE-2023-40272 Apache Airflow Spark Provider Arbitrary File Read via JDBC
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...
CVE-2023-28710
Apache Airflow Spark Provider (before 4.0.1) is affected by CVE-2023-28710 due to improper input validation in the JDBC Hook, where host/schema can contain “/” or “?”, enabling an attacker to read arbitrary files during connection setup. Affected product: Apache Airflow Spark Provider prior to 4....