Lucene search
ApacheVULNRICHMENT:CVE-2023-41267HistorySep 14, 2023 - 7:46 a.m.
CVE-2023-41267 Apache HDFS Provider error message suggested installation of incorrect pip package
2023-09-1407:46:42
CWE-829
apache
github.com
apache airflow
hdfs provider
incorrect package
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentationΒ info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:airflow_hdfs_provider:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "airflow_hdfs_provider",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.1.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
prion
prion
Code injection
2023-09-14 08:15:00
osv
osv
Apache HDFS Provider error message suggested
2023-09-14 09:30:28
CVE-2023-41267
2023-09-14 08:15:07
nvd
nvd
CVE-2023-41267
2023-09-14 08:15:07
cvelist
cvelist
veracode
veracode
Arbitrary Code Execution
2023-09-22 11:26:18
github
github
Apache HDFS Provider error message suggested
2023-09-14 09:30:28
cve
cve
CVE-2023-41267
2023-09-14 08:15:07
nessus
nessus
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2023-41267