34 matches found
PYSEC-2026-1142 Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
PYSEC-2026-275 Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1...
EUVD-2023-0729
Malicious code in bioql PyPI...
EUVD-2023-2283
Malicious code in bioql PyPI...
CVE-2023-25693
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1...
CVE-2023-27604
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
The vulnerability of the Airflow Sqoop Provider plugin in the software for creating, monitoring, and orchestrating data processing scenarios allows a attacker to execute arbitrary code.
The vulnerability of the Airflow Sqoop Provider plugin, a software tool for creating, monitoring, and orchestrating data processing scenarios, is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
Remote Code Execution
Apache Airflow Scoop Provider is vulnerable to Remote Code Execution RCE. The vulnerability is caused by not validating/sanitizing the connection url used to import data from RDBMS e.g MySQL or Oracle into the Hadoop Distributed File System HDFS. The attacker can execute malicious commands by...
Apache Airflow Input Validation Error Vulnerability (CNVD-2023-70278)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow Sqoop Provider...
GHSA-G3M9-PR5M-4CVP Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
Authorization
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604 Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604 Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604 Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604
CVE-2023-27604 affects the Apache Airflow Sqoop Provider, versions before 4.0.0. The weakness allows an authenticated attacker with permissions to create/edit connections to pass parameters via a connection (for example, via sqoop import --connect), enabling remote code execution and obtaining Ai...
Apache Airflow 输入验证错误漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow Sqoop Provider...
PT-2023-5338
Name of the Vulnerable Software and Affected Versions Apache Airflow Sqoop Provider versions prior to 4.0.0 Description The issue is related to insufficient input validation, which can be exploited by a remote attacker to execute arbitrary code. This can be achieved by passing parameters with...
Internet Bug Bounty: RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0
A remote code execution vulnerability was found in the Apache Airflow Sqoop Provider before version 3.1.1, due to improper input validation in the libjars parameter, allowing attackers to execute arbitrary system commands on the machine performing the MR task...