3 matches found
GHSA-R2F6-6928-FH8F Apache Airflow Spark Provider Improper Input Validation vulnerability
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...
CVE-2023-40272 Apache Airflow Spark Provider Arbitrary File Read via JDBC
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...
CVE-2023-28710
Apache Airflow Spark Provider (before 4.0.1) is affected by CVE-2023-28710 due to improper input validation in the JDBC Hook, where host/schema can contain “/” or “?”, enabling an attacker to read arbitrary files during connection setup. Affected product: Apache Airflow Spark Provider prior to 4....