2 matches found
PYSEC-2026-1142 Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
PT-2023-5338
Name of the Vulnerable Software and Affected Versions Apache Airflow Sqoop Provider versions prior to 4.0.0 Description The issue is related to insufficient input validation, which can be exploited by a remote attacker to execute arbitrary code. This can be achieved by passing parameters with...