2 matches found
CVE-2025-27018
CVE-2025-27018 describes an SQL injection vulnerability in the Apache Airflow MySQL Provider (before 6.2.0) caused by improper neutralization of special elements in SQL commands. When a user triggers a DAG using the dump_sql or load_sql functions, a UI-passed table parameter could be crafted to e...
CVE-2023-22884
CVE-2023-22884 affects Apache Airflow (core) and the Apache Airflow MySQL Provider, with the vulnerability stemming from improper neutralization of input in the LOAD DATA LOCAL INFILE flow, enabling Command Injection. Reported affected versions: Airflow before 2.5.1 and MySQL Provider before 4.0....