
5 matches found

BDU FSTEC
added 2023/09/05 12:0 a.m., 6 views

A vulnerability in the Apache Airflow Spark Provider network software allows an attacker to execute arbitrary code.

The vulnerability in the Apache Airflow Spark Provider network software stems from flaws in its deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9, AI score 8.1, EPSS 0.01413
Exploits 0, References 3, Affected Software 1
PyPA
added 2023/08/28 8:15 a.m., 6 views

PYSEC-2023-156

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks c...

CVSS 8.8, AI score 7.4, EPSS 0.01413
Exploits 0, References 4, Affected Software 1
OSV
added 2023/08/17 3:30 p.m., 17 views

GHSA-R2F6-6928-FH8F Apache Airflow Spark Provider Improper Input Validation vulnerability

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection, giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...

CVSS 7.5, AI score 7.2, EPSS 0.01667
Exploits 0, References 4
Vulnrichment
added 2023/08/17 1:52 p.m., 11 views

CVE-2023-40272 Apache Airflow Spark Provider Arbitrary File Read via JDBC

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection, giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...

AI score 7.3, EPSS 0.01667
Exploits 0, References 3
CVE
added 2023/04/07 2:55 p.m., 63 views

CVE-2023-28710

Apache Airflow Spark Provider (before 4.0.1) is affected by CVE-2023-28710 due to improper input validation in the JDBC Hook, where host/schema can contain “/” or “?”, enabling an attacker to read arbitrary files during connection setup. Affected product: Apache Airflow Spark Provider prior to 4....

CVSS 7.5, AI score 7.5, EPSS 0.02152
Exploits 0, References 3, Affected Software 1