CVE-2023-28707 – apache-airflow-providers-apache-drill
Package
Manager: pip
Name: apache-airflow-providers-apache-drill
Vulnerable Version: >=0 <2.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00175 (percentile 0.39323)
Details
Apache Airflow Drill Provider vulnerable to improper input validation

Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in the Drill connection is not sanitized.
Metadata
Created: 2023-04-07T15:30:38Z
Modified: 2025-02-13T18:52:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-85pf-r4c7-3j9r/GHSA-85pf-r4c7-3j9r.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-85pf-r4c7-3j9r
Finding: F184
Auto approve: 1