13 matches found
EUVD-2023-1759
Malicious code in bioql PyPI...
EUVD-2023-1863
Malicious code in bioql PyPI...
GHSA-9766-V29C-4VM7 Apache Airflow ODBC Provider Argument Injection vulnerability
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...
Apache Airflow ODBC Provider Argument Injection vulnerability
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...
CVE-2023-35798
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...
CVE-2023-34395
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...
CVE-2023-35798
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...
CVE-2023-35798
The CVE affects Apache Airflow ODBC Provider (before 4.0.0) and Apache Airflow MSSQL Provider (before 3.4.1). The issue is an input-validation/arbitrary file-read vulnerability exposed when DAG code uses get_sqlalchemy_connection, allowing access to files via resource updates. Impact is described...
CVE-2023-35798 Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...
CVE-2023-34395 Apache Airflow ODBC Provider: Remote code execution vulnerability
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...
CVE-2023-34395 Apache Airflow ODBC Provider: Remote code execution vulnerability
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...
CVE-2023-34395
CVE-2023-34395 affects the Apache Airflow ODBC Provider, specifically the OdbcHook component. The vulnerability stems from controllable ODBC driver parameters that allow loading of arbitrary dynamic-link libraries, enabling command execution and a privilege escalation in a local context. The issu...
PT-2023-3656 · Apache · Apache Airflow Mysql Provider +1
Name of the Vulnerable Software and Affected Versions: Apache Airflow ODBC Provider versions prior to 4.0.0 Apache Airflow MSSQL Provider versions prior to 3.4.1 Description: The issue is related to insufficient input validation in the Apache Airflow MSSQL Provider and Airflow ODBC Provider...