2 matches found
CVE-2023-28707
Apache Airflow Drill Provider (Apache Software Foundation) before 2.3.2 is affected by an improper input validation vulnerability in Drill connections (unsanitized host). This can enable reading arbitrary files exposed by the vulnerable component. CVSS v3.1 base score 7.5 (HIGH). Remediation: upg...
CVE-2023-39553
CVE-2023-39553 affects Apache Airflow Drill Provider prior to 2.4.3. The vulnerability arises from improper input validation that allows an attacker to pass malicious parameters when establishing a DrillHook connection, enabling read access to files on the Airflow server. CVSS v3.1 metrics indica...