2 matches found
CVE-2023-35798
The CVE affects Apache Airflow ODBC Provider (before 4.0.0) and Apache Airflow MSSQL Provider (before 3.4.1). The issue is an input-validation/arbitrary file-read vulnerability exposed when DAG code uses get_sqlalchemy_connection, allowing access to files via resource updates. Impact is described...
CVE-2023-34395
CVE-2023-34395 affects the Apache Airflow ODBC Provider, specifically the OdbcHook component. The vulnerability stems from controllable ODBC driver parameters that allow loading of arbitrary dynamic-link libraries, enabling command execution and a privilege escalation in a local context. The issu...