5 matches found
Command injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
PT-2022-25664 · Apache · Apache Airflow Hive Provider +1
Name of the Vulnerable Software and Affected Versions: Apache Airflow Hive Provider versions prior to 4.1.0 Apache Airflow versions prior to 2.3.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This...
PT-2022-25269
Name of the Vulnerable Software and Affected Versions Apache Airflow Pig Provider versions prior to 4.0.0 Apache Airflow versions prior to 2.3.0 Description The issue is related to an improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This...
CVE-2022-40604 Format String Vulnerability
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...
PT-2022-25514 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.3.0 through 2.3.4 Description: The issue is related to an open redirect in the webserver's "/confirm" endpoint. This endpoint is vulnerable to open redirect attacks. Recommendations: For Apache Airflow versions 2.3.0...