5 matches found
CVE-2023-35797
CVE-2023-35797 affects Apache Airflow Hive Provider prior to 6.1.1 and is an Improper Input Validation vulnerability that can enable remote code execution via the principal parameter when connection details are modifiable. The issue is mitigated by upgrading the provider to version 6.1.1 or later...
CVE-2022-41131
The CVE-2022-41131 issue is an OS command injection in the Apache Airflow Hive Provider. Vulnerable components: Hive Provider versions prior to 4.1.0, and Airflow versions prior to 2.3.0 if the Hive Provider is installed. Root cause is improper neutralization of special elements in OS commands, a...
CVE-2022-46421
CVE-2022-46421 involves the Apache Airflow Hive Provider (Apache Software Foundation) and is a Command Injection vulnerability caused by improper neutralization of special elements. The issue affects the Hive Provider: before 5.0.0 . The available documents describe the vulnerability type and aff...
CVE-2023-37415
CVE-2023-37415 is an Improper Input Validation vulnerability affecting the Apache Airflow Hive Provider (versions before 6.1.2). The issue arises from input validation around the proxy_user option, which can permit semicolon injection, enabling an attacker to impact confidentiality, integrity, an...
CVE-2023-25696
CVE-2023-25696 is an issue in the Apache Airflow Hive Provider (pre-5.1.3) described as an Improper Input Validation vulnerability. The NVD entry lists a CRITICAL impact (CVSSv3.1: 9.8) affecting network attack vector with no user interaction, and high confidentiality, integrity, and availability...