2 matches found
CVE-2023-40272
CVE-2023-40272 - Apache Airflow Spark Provider : Multiple sources describe a vulnerability in the Airflow Spark Provider for versions before 4.1.3 where an attacker can pass malicious parameters during connection establishment, enabling reading of files on the Airflow server. Affected software: A...
CVE-2023-40272 Apache Airflow Spark Provider Arbitrary File Read via JDBC
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...