455 matches found
Sensitive Information in Error Messages in Apache Airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack Python/Airflow...
CVE-2023-25695
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2...
Information disclosure
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2...
GHSA-MRPV-5PMR-P92H Improper Privilege Management in Apache Sling
Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or...
CVE-2023-25621
CVE-2023-25621 (Apache Sling i18n) : The i18n module is vulnerable to privilege escalation because any content author with write access can create or modify i18n dictionaries anywhere in the repository, allowing changes to any text/dialog across the product. Affected versions: Sling i18n up to 2....
Privilege escalation
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch...
CVE-2022-42735
CVE-2022-42735 is an Improper Privilege Management vulnerability in Apache ShenYu where a low-privilege admin (ShenYu Admin) can create users with higher privileges than their own. The issue affects Apache ShenYu 2.5.0. The documented remediation is to upgrade to ShenYu 2.5.1 or apply the patch f...
CVE-2023-24997 Apache InLong: Jdbc Connection Security Bypass
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223...
Cross site scripting
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214...
CVE-2023-24977
CVE-2023-24977 is an Out-of-bounds Read vulnerability affecting Apache InLong versions 1.1.0 through 1.5.0. The Red Hat and CVE records describe it as an information-disclosure risk via an out-of-bounds read, with a remediation path to upgrade to the latest InLong release or to cherry-pick the pa...
CVE-2023-24829
CVE-2023-24829 involves an Incorrect Authorization vulnerability in the iotdb-web-workbench component of Apache IoTDB. The issue affects iotdb-web-workbench from 0.13.0 up to versions before 0.13.3, and is fixed starting with 0.13.3. iotdb-web-workbench is an optional web console for IoTDB. Conse...
CVE-2023-24829 Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....
Apache IoTDB Security Vulnerability
Apache IoTDB is an integrated data management engine designed for time series data from the Apache USA Foundation that provides data collection, storage, and analysis services, among other things. A security vulnerability exists in Apache IoTDB version 0.13.0 through versions prior to 0.13.3, whi...
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...
CVE-2023-22884
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...
CVE-2023-22884
CVE-2023-22884 affects Apache Airflow (core) and the Apache Airflow MySQL Provider, with the vulnerability stemming from improper neutralization of input in the LOAD DATA LOCAL INFILE flow, enabling Command Injection. Reported affected versions: Airflow before 2.5.1 and MySQL Provider before 4.0....
GHSA-RC58-QR9J-CPGW Apache Airflow Hive Provider vulnerable to Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider before 5.0.0...
Apache Airflow Hive Provider vulnerable to Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider before 5.0.0...
CVE-2022-46421
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0...