GHSA-QF38-JQ28-3CCQ Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory
A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...