7 matches found
CVE-2023-22887
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +136 more potentially affected by CVE-2023-22887 via apache-airflow (>=1.8.2 <=2.5.3)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-22887 Source advisory: OSV:GHSA-GGWR-4VR8-G7WV...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +136 more potentially affected by CVE-2023-22887 via apache-airflow (>=1.8.2 <=2.5.3)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-22887 Source advisory: OSV:PYSEC-2023-104...
CVE-2023-22887 Apache Airflow path traversal by authenticated user
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
CVE-2023-22887 Apache Airflow path traversal by authenticated user
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
CVE-2023-22887
CVE-2023-22887 affects Apache Airflow versions before 2.6.3. The issue enables an authenticated attacker to perform unauthorized file access outside the intended directory by manipulating the run_id parameter (path traversal). The vulnerability is described as low impact since exploitation requir...
Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to CSV Injection (CVE-2023-22887)
Summary A CSV Injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-22887 DESCRIPTION: IBM InfoSphere Information Server is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused ...