71 matches found
PYSEC-2026-273 Apache Airflow Hive Provider Beeline remote code execution with Principal
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...
PYSEC-2026-272 Apache Airflow Hive Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...
PYSEC-2026-271 Apache Airflow Hive Provider vulnerable to code injection
Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code...
PYSEC-2026-274 Apache Airflow Hive Provider vulnerable to Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0...
CVE-2023-25696
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...
EUVD-2023-1206
Malicious code in bioql PyPI...
EUVD-2023-2075
Malicious code in bioql PyPI...
EUVD-2023-1955
Malicious code in bioql PyPI...
EUVD-2023-0680
Malicious code in bioql PyPI...
EUVD-2022-7732
Malicious code in bioql PyPI...
EUVD-2022-7313
Malicious code in bioql PyPI...
CVE-2023-28706
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0...
CVE-2022-41131
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...
CVE-2022-46421
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0...
CVE-2023-37415
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxyuser option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updatin...
CVE-2023-35797
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...
BIT-AIRFLOW-2022-41131 Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...
The vulnerability of the Apache Airflow Hive Provider, a network software tool, arises from improper code generation management. This allows an attacker to execute arbitrary code.
The vulnerability of the Apache Airflow Hive Provider network software is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Apache Airflow Hive Provider, a network software tool, stems from insufficient validation of input data. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Apache Airflow Hive Provider network software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information...
GHSA-4Q2Q-Q5PW-2342 Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxyuser option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updatin...