CVE-2023-30771 Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
PYSEC-2023-7
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4...
Authentication flaw
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4...
CVE-2023-24831
CVE-2023-24831 affects Apache IoTDB Grafana Connector (0.13.0–0.13.3). It is an improper authentication flaw allowing login without authorization. Fixed in 0.13.4. Remediation: upgrade to 0.13.4+; monitor advisories for patch availability.
CVE-2022-47501
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07...
CVE-2023-30465
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL...
CVE-2023-30465
CVE-2023-30465 describes an SQL injection in Apache InLong (versions 1.4.0–1.5.0). The issue arises from improper neutralization of special elements in SQL commands, allowing manipulation of the orderType parameter to influence query ordering and potentially extract the username of the user with ...
Apache Airflow Drill Provider vulnerable to improper input validation
Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in the Drill connection is not sanitized...
GHSA-5CVG-9PP5-MXCJ Apache Airflow Hive Provider vulnerable to code injection
Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code...
CVE-2023-28707
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2...
CVE-2023-28706
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0...
Code injection
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0...
PYSEC-2023-3
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2...
Input validation
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2...
CVE-2023-28710 Apache Airflow Spark Provider Arbitrary File Read via JDBC
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1...
CVE-2023-28710
Apache Airflow Spark Provider (before 4.0.1) is affected by CVE-2023-28710 due to improper input validation in the JDBC Hook, where host/schema can contain “/” or “?”, enabling an attacker to read arbitrary files during connection setup. Affected product: Apache Airflow Spark Provider prior to 4....
CVE-2023-28706 Apache Airflow Hive Provider Beeline Remote Command Execution
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0...